PT-2013-4865 · Gnu+2 · Glibc+2
Mancha · Published 2013-09-01 · Updated 2018-10-30
CVE-2013-4132
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
KDE-Workspace versions 4.10.5 and earlier
Description
The issue arises from improper handling of the return value of the glibc 2.17 crypt and pw_encrypt functions. This allows remote attackers to cause a denial of service through a NULL pointer dereference and crash. The attack can be initiated via an invalid salt or a DES or MD5 encrypted password when FIPS-140 is enabled, targeting KDM, or through an invalid password to KCheckPass.
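The unchecked-return pattern described above, next to a check that fails closed, as an added example (not KDE or glibc code). `stub_crypt`, `check_unchecked` and `check_password` are hypothetical names, and `stub_crypt` is a constructed stand-in that only mimics a NULL return for a rejected salt so the example runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so the real function can be passed instead. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in: returns NULL for any salt it rejects, as the advisory
 * describes for an invalid salt or for DES/MD5 under FIPS-140. It does not
 * hash anything; the "hash" is just "$6$" followed by the key. */
char *stub_crypt(const char *key, const char *salt)
{
    static char out[64];
    if (key == NULL || salt == NULL || strncmp(salt, "$6$", 3) != 0) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "$6$%s", key);
    return out;
}

/* Unchecked pattern: a NULL result goes straight into strcmp() and the
 * process crashes. Only safe to call with input the function accepts. */
int check_unchecked(crypt_fn fn, const char *pw, const char *stored)
{
    return strcmp(fn(pw, stored), stored) == 0;
}

enum pw_result { PW_MATCH = 0, PW_MISMATCH = 1, PW_ERROR = 2 };

/* Checked pattern: a NULL result is an authentication failure, not a crash. */
enum pw_result check_password(crypt_fn fn, const char *pw, const char *stored)
{
    if (fn == NULL || pw == NULL || stored == NULL)
        return PW_ERROR;
    const char *computed = fn(pw, stored);
    if (computed == NULL)      /* rejected salt or disabled algorithm */
        return PW_ERROR;       /* deny the login and keep running */
    return strcmp(computed, stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

int main(void)
{
    printf("valid hash, right password: %d\n",
           check_password(stub_crypt, "hunter2", "$6$hunter2"));
    printf("rejected salt:              %d\n",
           check_password(stub_crypt, "hunter2", "$1$abc"));
    return 0;
}
```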
Recommendations
For KDE-Workspace versions 4.10.5 and earlier, consider updating to a version that properly handles the return value of the glibc crypt and pw_encrypt functions to prevent the denial of service.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Affected Products
Kde-Workspace
Suse
Glibc