PT-2014-3992 · Canonical · Lightdm Gtk+ Greeter

Gber +1 · Published 2014-01-23 · Updated 2018-10-30 · CVE-2014-0979

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

LightDM GTK+ Greeter versions prior to 1.7.1

Description

The start_authentication function in lightdm-gtk-greeter.c fails to handle the return value from the lightdm_greeter_get_authentication_user function correctly. This allows local users to cause a denial of service (NULL pointer dereference) by providing an empty username.

Recommendations

For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider validating user input so that empty usernames are not processed by the start_authentication function.


Related Identifiers

CVE-2014-0979
MGASA-2014-0026

Affected Products

Lightdm Gtk+ Greeter