CVE-2013-4132

Name: CVE-2013-4132
Description: KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or (4) an invalid password to KCheckPass.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 717180

The information below is based on the following data on fixed versions.

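| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kde-workspace | source | wheezy | (not affected) | | | |
| kde-workspace | source | (unstable) | 4:4.10.5-3 | | | 717180 |
| kdebase-workspace | source | (unstable) | (not affected) | | | |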

Notes

[wheezy] - kde-workspace <not-affected> (Only exploitable with glibc 2.17)
- kdebase-workspace <not-affected> (Only exploitable with glibc 2.17)
https://git.reviewboard.kde.org/r/111261/
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
only relevant with eglibc >= 2.17.
