Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-6866

Опубликовано: 15 фев. 2017
Источник: debian
EPSS Низкий

Описание

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
suckless-toolsfixed41-1package
suckless-toolsfixed40-1+deb8u2jessiepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2016/08/18/22

  • http://s1m0n.dft-labs.eu/files/slock/

  • Starting with 41-1 slock.c got patched to use PAM, cf. #739629

  • and with the patch readpw(dpy, pws) is not called anymore, and

  • thus in readpw, not calling crypt(passwd, pws) with a possibly

  • empty pws.

EPSS

Процентиль: 64%
0.00473
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-6866

CVSS3: 7.5
ubuntu
почти 9 лет назад

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

nvd логотип

CVE-2016-6866

CVSS3: 7.5
nvd
почти 9 лет назад

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

github логотип

GHSA-h53p-2gg5-7vfm

CVSS3: 7.5
github
больше 3 лет назад

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

EPSS

Процентиль: 64%
0.00473
Низкий