CVE-2014-0979 | Vulnerability Database | Aqua Security

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

Affected Software

Name	Vendor	Start Version	End Version
Opensuse	Opensuse	12.2 (including)	12.2 (including)
Opensuse	Opensuse	12.3 (including)	12.3 (including)
Opensuse	Opensuse	13.1 (including)	13.1 (including)
Lightdm-gtk-greeter	Ubuntu	precise	*
Lightdm-gtk-greeter	Ubuntu	quantal	*
Lightdm-gtk-greeter	Ubuntu	raring	*
Lightdm-gtk-greeter	Ubuntu	saucy	*
Lightdm-gtk-greeter	Ubuntu	upstream	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
http://secunia.com/advisories/56211
http://secunia.com/advisories/56423
http://www.openwall.com/lists/oss-security/2014/01/07/15
http://www.securityfocus.com/bid/64679
https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
https://bugzilla.novell.com/show_bug.cgi?id=857303
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
http://secunia.com/advisories/56211
http://secunia.com/advisories/56423
http://www.openwall.com/lists/oss-security/2014/01/07/15
http://www.securityfocus.com/bid/64679
https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
https://bugzilla.novell.com/show_bug.cgi?id=857303

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0979
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html