FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xdm -- remote denial of service

Affected packages
xdm < 1.1.12


VuXML ID d905b219-c1ca-11e9-8c46-0c9d925bbbc0
Discovery 2013-06-07
Entry 2019-08-18 reports

X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.


CVE Name CVE-2013-2179