| Summary: | lightdm-gtk-greeter new security issue CVE-2014-0979 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | cmrisolde, jani.valimaa, oe, stormi-mageia, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/580567/ | ||
| Whiteboard: | has_procedure advisory MGA3-32-OK mga3-64-ok | ||
| Source RPM: | lightdm-gtk-greeter-1.3.1-6.mga3.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-01-08 02:43:05 CET
David Walser
2014-01-08 02:43:18 CET
Whiteboard: (none) => MGA3TOO

lightdm-gtk-greeter-1.6.1-3.mga4 uploaded for Cauldron.

Version: Cauldron => 3

Patched package uploaded for Mageia 3.

Advisory:
========================

Updated lightdm-gtk-greeter package fixes security vulnerability:

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference in start_authentication(). This constitutes a local denial of service which can be triggered by any unprivileged attacker requiring the intervention of an administrator to restart lightdm (CVE-2014-0979).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0979
http://openwall.com/lists/oss-security/2014/01/07/5
https://bugzilla.novell.com/show_bug.cgi?id=857303
========================

Updated packages in core/updates_testing:
========================
lightdm-gtk-greeter-1.3.1-6.1.mga3

from lightdm-gtk-greeter-1.3.1-6.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Unable to confirm issue. After switching to lightdm, the login prompt doesn't allow for an empty username, there's a drop-down menu you have to choose from.

CC: (none) => isolde

OpenSuSE has issued an advisory for this today (January 15):
http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html

Updating the reference in the advisory.

Advisory:
========================

Updated lightdm-gtk-greeter package fixes security vulnerability:

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference in start_authentication(). This constitutes a local denial of service which can be triggered by any unprivileged attacker requiring the intervention of an administrator to restart lightdm (CVE-2014-0979).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0979
http://openwall.com/lists/oss-security/2014/01/07/5
http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
========================

Updated packages in core/updates_testing:
========================
lightdm-gtk-greeter-1.3.1-6.1.mga3

from lightdm-gtk-greeter-1.3.1-6.1.mga3.src.rpm

URL: (none) => http://lwn.net/Vulnerabilities/580567/

Samuel Verschelde
2014-01-22 11:23:58 CET

CC: (none) => jani.valimaa, stormi

Wally, if you know how to trigger the issue so that we can test the fix, that would be helpful :)

Dave was able to trigger it in Cauldron before I fixed it there. See Comment 0.

I can reproduce, after installing light-dm-greeter and its dependencies, and setting it as the default in MCC.

To Carolyn: you missed the "other" option in the drop-down menu, that offers to type your username.

lightdm crashes indeed. No big deal since the dm service restarts it instantly, but there's nothing bad in fixing it :)

After installing the update candidate, no more crash.

Testing complete MGA3 32.

Whiteboard: (none) => has_procedure MGA3-32-OK

Name: CVE-2014-0979
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20140107
Category:
Reference: MLIST:[oss-security] 20140107 Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference
Reference: URL:http://www.openwall.com/lists/oss-security/2014/01/07/15
Reference: CONFIRM:https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=857303
Reference: SUSE:openSUSE-SU-2014:0071
Reference: URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
Reference: SECUNIA:56211
Reference: URL:http://secunia.com/advisories/56211
Reference: SECUNIA:56423
Reference: URL:http://secunia.com/advisories/56423

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

CC: (none) => oe

Testing complete mga3 64

Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2014-0026.html

Status: NEW => RESOLVED
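
A simplified C model of the defect class described in the advisory above, added here as an illustration; it is not code from lightdm-gtk-greeter or from this bug report. The `struct greeter`, the `auth_action` enum and both `start_authentication_*` functions are hypothetical stand-ins, and `get_authentication_user()` only imitates `lightdm_greeter_get_authentication_user()` returning NULL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the greeter state; not LightDM's real type. */
struct greeter {
    const char *authentication_user; /* NULL if the previous username was invalid */
};

/* Models lightdm_greeter_get_authentication_user(): may return NULL. */
const char *get_authentication_user(const struct greeter *g)
{
    return g->authentication_user;
}

enum auth_action { AUTH_CONTINUE, AUTH_RESTART };

/* Unchecked pattern: the return value goes straight into strcmp().
 * When it is NULL the process dereferences NULL and dies. */
enum auth_action start_authentication_unchecked(const struct greeter *g,
                                                const char *username)
{
    const char *current = get_authentication_user(g);
    return strcmp(current, username) == 0 ? AUTH_CONTINUE : AUTH_RESTART;
}

/* Checked pattern: "no user in progress" is an ordinary state that
 * never matches, so authentication is simply started again. */
enum auth_action start_authentication_checked(const struct greeter *g,
                                              const char *username)
{
    const char *current = get_authentication_user(g);
    if (current == NULL || username == NULL)
        return AUTH_RESTART;
    return strcmp(current, username) == 0 ? AUTH_CONTINUE : AUTH_RESTART;
}

int main(void)
{
    /* Constructed state: previous attempt used an invalid (empty) username. */
    struct greeter after_invalid = { NULL };
    struct greeter in_progress = { "alice" };

    printf("%d\n", start_authentication_checked(&after_invalid, ""));
    printf("%d\n", start_authentication_checked(&in_progress, "alice"));
    return 0;
}
```

The unchecked variant is deliberately never called from `main()`, since calling it with the first constructed state would crash the process.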