[Bug 857303] New: lightdm/X crashes on empty username
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c0 Summary: lightdm/X crashes on empty username Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: dbischof@hrz.uni-kassel.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 openSUSE installation updated from 12.3 to 13.1 all patches applied (as of 03. Jan 2013) lightdm/X crashes on simply hitting ENTER (without supplying a username) Reproducible: Always Actual Results: system displays text console Expected Results: system redisplays lightdm login screen System in runlevel 3: ### $ ps aux | grep light root 24898 0.0 0.0 9264 928 tty2 S+ 09:36 0:00 grep --color=auto light ### System in runlevel 5: ### $ ps aux | grep light root 24931 0.0 0.1 267444 5216 ? Sl 09:36 0:00 /usr/sbin/lightdm root 24937 0.0 0.6 289392 27344 tty7 Ssl+ 09:36 0:00 /usr/bin/X :0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch root 24947 0.0 0.0 158020 3480 ? Sl 09:36 0:00 lightdm --session-child 16 19 lightdm 24969 0.0 0.0 37964 2248 ? Ss 09:36 0:00 /usr/lib/systemd/systemd --user lightdm 24970 0.0 0.0 150460 1884 ? S 09:36 0:00 (sd-pam) lightdm 24971 0.0 0.7 392780 28020 ? Ssl 09:36 0:00 /usr/sbin/lightdm-gtk-greeter lightdm 24975 0.0 0.0 14076 528 ? S 09:36 0:00 dbus-launch --autolaunch a044c0e72171dc2e2a90bcbe000004e8 --binary-syntax --close-stderr lightdm 24976 0.0 0.0 24564 880 ? Ss 09:36 0:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session root 24987 0.0 0.0 83740 2292 ? S 09:36 0:00 lightdm --session-child 12 19 root 24991 0.0 0.0 9264 928 tty2 S+ 09:36 0:00 grep --color=auto light ### System with lightdm crashed: ### $ ps aux | grep light lightdm 24969 0.0 0.0 37964 2248 ? Ss 09:36 0:00 /usr/lib/systemd/systemd --user lightdm 24970 0.0 0.0 150460 1884 ? S 09:36 0:00 (sd-pam) root 25015 0.0 0.0 9264 928 tty2 S+ 09:37 0:00 grep --color=auto light ### -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c zhang jiajun <jzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jzhang@suse.com AssignedTo|bnc-team-screening@forge.pr |gber@opensuse.org |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c1 Guido Berhörster <gber@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |security-team@suse.de See Also| |https://launchpad.net/bugs/ | |1266449 --- Comment #1 from Guido Berhörster <gber@opensuse.org> 2014-01-06 12:43:43 UTC --- This is not a bug in LightDM, rather lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference in start_authentication(). I've added a fix to X11:Utilities/lightdm-gtk-greeter and will take care of a maintenance update for supported releases later. This affects the latest upstream release as well. @security-team: Should this be handled as a security issue? It is basically a local denial of service, any unauthenticated attacker can trigger the greeter crash which then requires an intervention of an admin to restart the xdm service. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-01-06 15:00:09 CET --- This is an autogenerated message for OBS integration: This bug (857303) was mentioned in https://build.opensuse.org/request/show/212917 Factory / lightdm-gtk-greeter -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c3 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|security-team@suse.de | --- Comment #3 from Sebastian Krahmer <krahmer@suse.com> 2014-01-06 15:01:45 UTC --- Yes it is. Is it opensuse only? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c4 Guido Berhörster <gber@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #4 from Guido Berhörster <gber@opensuse.org> 2014-01-06 15:40:41 UTC --- (In reply to comment #3)
Yes it is. Is it opensuse only?
No. It also affects all versions. Also, just to clarify, lightdm-gtk-greeter is a separate project and not related to lightdm, upstream is at https://launchpad.net/lightdm-gtk-greeter. I have a maintenance update in home:gberh:branches:OBS_Maintained:lightdm-gtk-greeter. Should I request a CVE? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c5 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|security-team@suse.de | --- Comment #5 from Sebastian Krahmer <krahmer@suse.com> 2014-01-07 09:48:27 UTC --- Yes please. lightdm-gtk-greeter is opensuse only, not in SLE. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c6 --- Comment #6 from Guido Berhörster <gber@opensuse.org> 2014-01-07 22:39:14 UTC --- OK, this is now CVE-2014-0979, maintenance update submitted. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c7 --- Comment #7 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-01-08 00:00:15 CET --- This is an autogenerated message for OBS integration: This bug (857303) was mentioned in https://build.opensuse.org/request/show/213080 13.1+12.2+12.3 / lightdm-gtk-greeter -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c8 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de Summary|lightdm/X crashes on empty |VUL-0: lightdm/X crashes on |username |empty username Alias| |CVE-2014-0979 --- Comment #8 from Sebastian Krahmer <krahmer@suse.com> 2014-01-08 08:54:35 UTC --- CVE-2014-0979 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|VUL-0: lightdm/X crashes on |VUL-0: CVE-2014-0979: |empty username |lightdm/X crashes on empty | |username -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:2454:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c9 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2014-01-09 23:00:10 UTC --- bugbot adjusting priority -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c10 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #10 from Sebastian Krahmer <krahmer@suse.com> 2014-01-15 15:18:25 UTC --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=857303 https://bugzilla.novell.com/show_bug.cgi?id=857303#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> 2014-01-15 16:05:21 UTC --- openSUSE-SU-2014:0071-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 857303 CVE References: CVE-2014-0979 Sources used: openSUSE 13.1 (src): lightdm-gtk-greeter-1.3.1-5.6.1 openSUSE 12.3 (src): lightdm-gtk-greeter-1.3.1-2.5.1 openSUSE 12.2 (src): lightdm-gtk-greeter-1.1.6-2.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=857303 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:2454:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com