Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-4132

Опубликовано: 29 июн. 2013
Источник: redhat
CVSS2: 1.9
EPSS Низкий

Описание

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

Отчет

Not Vulnerable. This issue does not affect the version of kdebase package as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of kdebase-workspace package as shipped with Red Hat Enterprise Linux 6.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kdebaseNot affected
Red Hat Enterprise Linux 6kdebase-workspaceNot affected
Red Hat Enterprise Linux 7kde-workspaceNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=985355kde-workspace: NULL pointer dereference in KDM and KCheckPass when glibc 2.17 or FIPS-140 enabled system used

EPSS

Процентиль: 74%
0.00832
Низкий

1.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-4132

ubuntu
больше 12 лет назад

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

nvd логотип

CVE-2013-4132

nvd
больше 12 лет назад

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

debian логотип

CVE-2013-4132

debian
больше 12 лет назад

KDE-Workspace 4.10.5 and earlier does not properly handle the return v ...

github логотип

GHSA-4vrh-wr8w-rqg2

github
больше 3 лет назад

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

EPSS

Процентиль: 74%
0.00832
Низкий

1.9 Low

CVSS2