[arch-security] [ASA-201611-21] slock: access restriction bypass
anthraxx at archlinux.org
Mon Nov 21 15:14:28 UTC 2016
Arch Linux Security Advisory ASA-201611-21
Date : 2016-11-21
CVE-ID : CVE-2016-6866
Package : slock
Type : access restriction bypass
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package slock before version 1.4-2 is vulnerable to access
Upgrade to 1.4-2.
# pacman -Syu "slock>=1.4-2"
The problem has been fixed upstream in version 1.4.
A null pointer dereference vulnerability has been discovered in the
screen locking application slock. It calls crypt(3) and uses the return
value for strcmp(3) without checking to see if the return value of
crypt(3) was a NULL pointer. If the hash returned by
(getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL and set
errno to EINVAL. This will cause slock to segfault, which then leaves
the machine unprotected. A couple of common scenarios where this
might happen are:
- a machine using NSS for authentication; on the machine this bug was
discovered, (getspnam()->sp_pwdp) returns "*".
- the user's account has been disabled for one reason or another; maybe
account expiry or password expiry.
A local attacker might be able to bypass access restrictions when
locking the screen fails under certain circumstances.
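
The missing NULL check described above, shown as a fail-closed comparison. This is an added example, not slock's code or the upstream patch. The names check_password, screen_unlocks and fake_crypt are hypothetical, and fake_crypt is a constructed stand-in that only models crypt(3) returning NULL with errno set to EINVAL for an invalid stored hash.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so the check runs without libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

enum verdict { PW_MATCH, PW_MISMATCH, PW_UNUSABLE_HASH };

/* The flawed pattern was equivalent to strcmp(crypt(input, stored), stored),
 * which passes NULL to strcmp(3) when crypt(3) rejects the stored hash. */
enum verdict check_password(crypt_fn hasher, const char *input, const char *stored)
{
    const char *computed;

    if (input == NULL || stored == NULL)
        return PW_UNUSABLE_HASH;
    errno = 0;
    computed = hasher(input, stored);
    if (computed == NULL)              /* e.g. EINVAL for a stored value of "*" */
        return PW_UNUSABLE_HASH;       /* report it; never dereference */
    return strcmp(computed, stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

/* Fail closed: returns 1 only when some attempt matches, 0 otherwise. */
int screen_unlocks(crypt_fn hasher, const char *stored,
                   const char *const attempts[], size_t n)
{
    size_t i;

    for (i = 0; i < n; i++)
        if (check_password(hasher, attempts[i], stored) == PW_MATCH)
            return 1;
    return 0;                          /* mismatch or unusable hash: stay locked */
}

/* Constructed stand-in for crypt(3), not a real hash function (assumption):
 * rejects any setting without the made-up "$toy$" prefix, as crypt(3)
 * rejects an invalid hash such as "*". */
char *fake_crypt(const char *key, const char *setting)
{
    static char out[64];

    if (strncmp(setting, "$toy$", 5) != 0) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "$toy$%s", key);
    return out;
}
```

With the real crypt(3) passed as the hasher, an account whose stored hash is "*" yields PW_UNUSABLE_HASH on every attempt, so the locker keeps running instead of crashing.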