Denial of Service Vulnerability in KDE Workspace Product by KDE
CVE-2013-4132

Currently unrated

Key Information:

Vendor

Kde

Status
Kde Sc
Kde-workspace
Vendor
CVE Published:
16 September 2013

What is CVE-2013-4132?

KDE Workspace versions 4.10.5 and older are vulnerable due to improper handling of return values from the glibc crypt and pw_encrypt functions. This flaw can allow remote attackers to trigger a denial of service condition resulting in a NULL pointer dereference and crash. The issue arises when FIPS-140 is enabled, impacting services like KDM and KCheckPass when faced with invalid inputs such as an incorrect salt, DES or MD5 encrypted passwords, or invalid user passwords.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-updates/2013-08/msg000...
vendor-advisoryx_refsource_SUSE
http://seclists.org/oss-sec/2013/q3/117
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2013-07/msg000...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.