CVE-2013-4132

2013-09-1619:14:38

CWE-310

redhat

web.nvd.nist.gov

cve-2013-4132

kde-workspace

glibc

denial of service

remote attackers

fips-140

kdm

kcheckpass

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

Affected configurations

Nvd

Node

kdekde-workspaceRange≤4.10.5

kdekde_scRange≤4.10.5

Node

opensuseopensuseMatch12.2

VendorProductVersionCPE
kdekde-workspace*cpe:2.3:a:kde:kde-workspace:*:*:*:*:*:*:*:*
kdekde_sc*cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kde	kde-workspace	*	cpe:2.3:a:kde:kde-workspace::::::::
kde	kde_sc	*	cpe:2.3:a:kde:kde_sc::::::::
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*