Denial of Service Vulnerability in KDE Workspace Product by KDE
CVE-2013-4132
Currently unrated
What is CVE-2013-4132?
KDE Workspace versions 4.10.5 and older do not properly handle the return values of the glibc crypt and pw_encrypt functions. This flaw allows remote attackers to cause a denial of service: a NULL pointer dereference that crashes the affected service. The issue arises when FIPS-140 is enabled, and it impacts services such as KDM and KCheckPass when they receive invalid inputs such as an incorrect salt, DES or MD5 encrypted passwords, or invalid user passwords.
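The class of bug described above, shown as an added C example (not KDE's code): a password check that passes the hash function's result straight to strcmp, next to one that treats a NULL result as a failed login. The names hash_fn, stub_crypt and check_password_* are hypothetical, and stub_crypt is a constructed stand-in for crypt so the example runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3) and pw_encrypt(): the result may be NULL. */
typedef char *(*hash_fn)(const char *key, const char *salt);

/* Constructed stand-in for a crypt() that refuses DES/MD5 or malformed
 * salts: only "$6$" salts are accepted. Not a real hash. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[128];
    if (salt == NULL || strncmp(salt, "$6$", 3) != 0)
        return NULL;                       /* the case callers must handle */
    strcpy(out, "$6$");
    strncat(out, key, sizeof(out) - 4);
    return out;
}

/* Unchecked pattern: strcmp() dereferences NULL when hash() fails. */
int check_password_unchecked(hash_fn hash, const char *typed, const char *stored)
{
    return strcmp(hash(typed, stored), stored) == 0;
}

/* Checked pattern: a NULL result is an authentication failure, not a crash. */
int check_password_checked(hash_fn hash, const char *typed, const char *stored)
{
    const char *computed;
    if (typed == NULL || stored == NULL)
        return 0;
    computed = hash(typed, stored);
    if (computed == NULL)
        return 0;
    return strcmp(computed, stored) == 0;
}

int main(void)
{
    /* Only the checked variant is called; the unchecked one would crash. */
    printf("valid:      %d\n", check_password_checked(stub_crypt, "secret", "$6$secret"));
    printf("MD5 salt:   %d\n", check_password_checked(stub_crypt, "secret", "$1$secret"));
    printf("empty salt: %d\n", check_password_checked(stub_crypt, "secret", ""));
    return 0;
}
```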
