Vulnerability Details : CVE-2013-4143
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Products affected by CVE-2013-4143
- cpe:2.3:a:david_bagley:xlockmore:*:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.26:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.30:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.29:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.28:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.40:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.39:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.38:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.37:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.41:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.36:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.27:*:*:*:*:*:*:*
- cpe:2.3:a:david_bagley:xlockmore:5.25:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4143
- Probability of exploitation activity in the next 30 days: 0.05%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 %
CVSS scores for CVE-2013-4143
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
References for CVE-2013-4143
- http://www.tux.org/~bagleyd/xlock/xlockmore.README
  Page not found | Tux.org (Vendor Advisory)
- http://openwall.com/lists/oss-security/2013/07/16/8
  oss-security - CVE Request - xlockmore 5.43 fixes a security flaw
- http://openwall.com/lists/oss-security/2013/07/18/6
  oss-security - Re: CVE Request - xlockmore 5.43 fixes a security flaw