Vulnerability CVE-2013-4132

Vulnerability Name:

CVE-2013-4132 (CCN-85798)

Assigned:

2013-07-17

Published:

2013-07-17

Updated:

2018-10-30

Summary:

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-4132

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1253

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1291

Source: MLIST
Type: UNKNOWN
[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws

Source: MLIST
Type: UNKNOWN
[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws

Source: CCN
Type: KDE Web site
workspace

Source: CCN
Type: BID-61191
KDE Sc CVE-2013-4132 NULL Pointer Dereference Denial of Service Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 985355
CVE-2013-4132 kde-workspace: NULL pointer dereference in KDM and KCheckPass when glibc 2.17 or FIPS-140 enabled system used

Source: XF
Type: UNKNOWN
kde-workspace-cve20134132-dos(85798)

Source: CONFIRM
Type: UNKNOWN
https://git.reviewboard.kde.org/r/111261/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4132

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:kde-workspace:*:*:*:*:*:*:*:* (Version <= 4.10.5)

OR cpe:/a:kde:kde_sc:*:*:*:*:*:*:*:* (Version <= 4.10.5)

Configuration 2:

cpe:/o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134132	V	CVE-2013-4132	2022-05-20
oval:org.opensuse.security:def:32289	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:32233	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:26178	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:30155	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33053	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:31709	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:30259	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:55949	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32996	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:33949	P	Security update for qemu (Important)	2021-07-28
oval:org.opensuse.security:def:30210	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:55911	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:56030	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36425	P	kdebase4-workspace-devel-4.3.5-0.12.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42564	P	kde4-kgreeter-plugins-4.3.5-0.12.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36157	P	kde4-kgreeter-plugins-4.3.5-0.12.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33660	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:55186	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:31623	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:32077	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:30002	P	Security update for xen (Important)	2021-04-20
oval:org.opensuse.security:def:34410	P	Security update for the Linux Kernel (Important)	2021-04-16
oval:org.opensuse.security:def:33892	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:33102	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:28956	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:34038	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:33081	P	Security update for postgresql13 (Moderate)	2021-02-22
oval:org.opensuse.security:def:55837	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:31624	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:31635	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:33885	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:34341	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:25975	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:57380	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:32378	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25991	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:27845	P	Recommended update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27155	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27471	P	libpixman-1-0-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55352	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34302	P	Security update for quagga	2020-12-01
oval:org.opensuse.security:def:28682	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:28367	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:54669	P	rhythmbox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32753	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27003	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33577	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26316	P	Recommended update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26336	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28663	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26706	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29833	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:29556	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31841	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:26283	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27986	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32377	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25910	P	Security update for gstreamer-0_10-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:27694	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27120	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25974	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27343	P	curl-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29916	P	Security update for libcroco (Moderate)	2020-12-01
oval:org.opensuse.security:def:34253	P	Security update for postgresql91	2020-12-01
oval:org.opensuse.security:def:28044	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:54529	P	libXvMC1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32696	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26954	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30317	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:33566	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26259	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:33141	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27423	P	kdebase4-workspace-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26325	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28578	P	Security update for pixman	2020-12-01
oval:org.opensuse.security:def:26424	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:29797	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:29555	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27947	P	Security update for GraphicsMagick (Low)	2020-12-01
oval:org.opensuse.security:def:32443	P	Security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:25782	P	Security update for evolution-data-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:26666	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55745	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:34366	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:27279	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29859	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:27056	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31036	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:54507	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32602	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26551	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29098	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:33846	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:33565	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28804	P	Security update for openvpn	2020-12-01
oval:org.opensuse.security:def:32338	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:27388	P	dbus-1-glib-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26324	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:28447	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26385	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:29159	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:27898	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:35088	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26609	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27773	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:27268	P	popt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29772	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32840	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26692	P	evince on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30999	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:54506	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32467	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29059	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33208	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27610	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26482	P	Security update for ffmpeg-4 (Low)	2020-12-01
oval:org.opensuse.security:def:28379	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:55080	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34195	P	Security update for pango	2020-12-01
oval:org.opensuse.security:def:28000	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:33796	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26901	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30298	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:35048	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26528	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27738	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27267	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29640	P	Security update for cracklib (Moderate)	2020-12-01
oval:org.opensuse.security:def:31990	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26653	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30361	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:32389	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:29010	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:32399	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:25986	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27553	P	rubygem-actionmailer-3_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55637	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:26438	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:28717	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:28368	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:54907	P	libpcsclite1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27042	P	taglib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57306	P	Security update for cabextract	2020-12-01
oval:org.opensuse.security:def:26750	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25706	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26400	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28720	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:27100	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29567	P	Security update for OpenOffice_org	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26604	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29115	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:33120	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25826	P	SUSE-SU-2014:0885-1 -- Security update for kdebase4-workspace	2014-09-15
oval:org.opensuse.security:def:80014	P	Security update for kdebase4-workspace	2014-06-30
oval:com.ubuntu.precise:def:20134132000	V	CVE-2013-4132 on Ubuntu 12.04 LTS (precise) - low.	2013-09-16

BACK