Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KDE Sc 空指针逆向引用拒绝服务漏洞
Vulnerability Description
KDE-Workspace是KDE社区发布的一套桌面环境,它包含了构成桌面的组件,如显示管理器(KDM)、会话服务管理(ksmserver)。 KDE-Workspace 4.10.5以及之前版本使用glibc 2.17版本中存在加密问题漏洞,该漏洞源于程序没有正确处理‘pw_encrypt’函数的返回值。远程攻击者可通过在启用了FIPS-140的情况下,向KDM发送(1)无效的salt(2)DES或(3)MD5加密密码,或向KCheckPass发送无效密码利用该漏洞导致拒绝服务(空指针引用以及司机)。
CVSS Information
N/A
Vulnerability Type
N/A