[LightDM] [oss-security] CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference

[Yves-Alexis Perez]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, Jan 07, 2014 at 11:47:31AM +0100, Guido Berhoerster wrote:
> Hi,
> 
> an openSUSE user discovered that it is trivial to crash
> lightdm-gtk-greeter by entering an empty username due to a NULL
> pointer dereference. When a greeter crashes the lightdm daemon
> exits.
> This constitutes a local denial of service which can be triggered
> by any unprivileged attacker requiring the intervention of an
> administrator to restart lightdm. It affects all versions of
> lightdm-gtk-greeter.

I've just checked in Debian Wheezy (lightdm 1.2.2, lightdm-gtk-greeter
1.1.6), and a crashed greeter (because of that NULL username) doesn't
lead to a lightdm exit.

I'm not sure what was the reason for changing that (if there's a
reason), but it might be a problem in itself.

Regards,
- -- 
Yves-Alexis Perez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCgAGBQJSzF8PAAoJEG3bU/KmdcClVR8H/jRLkzUzniSxOifUSslX7a8U
+fw3efTrj5OZUlVlrwskj1Lvt0v9Pd+639p41FVCFTTfWCcARw0kPo9M13+hXM5V
nooy91SMDoOqZ+Ok9lpqIfpRSnQRWMt4c9H6eTSCr2TfNhw/3smMy6zpJqjMUnWU
o5R3vqxsdySgYIdVG90RPQ81+jlYTThthZWN9zRE9tnnOSQK++A9/YxKnfWCr77A
bS0CE9a0CAvfosMxaeHdLtNLUN0c0EDHZENX89XUd6xCy9m2UYYR0BSxEq30dAJG
UrlHVy0F65jt9G8H+8EuCMQXbdWjJNOI2s+fP04n/HodZUvsO3P/0w9BtjHTAEs=
=JlIY
-----END PGP SIGNATURE-----