Arch Linux Security Advisory ASA-201611-21
==========================================

Severity: Medium
Date    : 2016-11-21
CVE-ID  : CVE-2016-6866
Package : slock
Type    : access restriction bypass
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package slock before version 1.4-2 is vulnerable to access restriction bypass.

Resolution
==========

Upgrade to 1.4-2.

# pacman -Syu "slock>=1.4-2"

The problem has been fixed upstream in version 1.4.

Workaround
==========

None.

Description
===========

A NULL pointer dereference vulnerability has been discovered in the screen locking application slock. It calls crypt(3) and uses the return value for strcmp(3) without checking whether the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL and set errno to EINVAL. This will cause slock to segfault, which then leaves the machine unprotected.

A couple of common scenarios where this might happen are:

- a machine using NSS for authentication; on the machine this bug was discovered, (getspnam()->sp_pwdp) returns "*".
- the user's account has been disabled for one reason or another, e.g. account expiry or password expiry.

Impact
======

A local attacker might be able to bypass access restrictions when locking the screen fails under certain circumstances.

References
==========

http://seclists.org/oss-sec/2016/q3/333
https://access.redhat.com/security/cve/CVE-2016-6866
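The pattern described above, shown as an added example that is not slock's code or its upstream fix: the unchecked `strcmp(crypt(...), hash)` call beside a fail-closed version that treats a NULL result from crypt(3) as an error (lock stays engaged) and a lock-time pre-check that refuses to lock when the stored hash is one crypt(3) cannot process. To build without libcrypt, the example passes crypt(3) through a function pointer and uses a constructed stand-in, `fake_crypt`, that follows crypt's documented contract (NULL and errno = EINVAL on an invalid setting such as "*"); the names `check_password`, `check_password_unsafe`, `hash_usable` and `fake_crypt` are this example's own.

```c
/* Added example (not slock's code): fail-closed handling of crypt(3)
 * returning NULL, as described in ASA-201611-21 / CVE-2016-6866. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so the real function can be passed in
 * when linking with -lcrypt; here a stand-in is used instead. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

enum auth_result { AUTH_MATCH, AUTH_MISMATCH, AUTH_ERROR };

/* Vulnerable pattern, kept for comparison and never called below:
 * when cr() returns NULL (invalid stored hash), strcmp() dereferences
 * the NULL pointer, the process dies and the screen lock is gone. */
int check_password_unsafe(const char *hash, const char *input, crypt_fn cr)
{
    return strcmp(cr(input, hash), hash) == 0;
}

/* Hardened pattern: a NULL result is an error, not a mismatch and not a
 * crash. The caller keeps the screen locked on AUTH_ERROR and may report
 * strerror(errno). */
enum auth_result check_password(const char *hash, const char *input, crypt_fn cr)
{
    errno = 0;
    const char *enc = cr(input, hash);
    if (enc == NULL)
        return AUTH_ERROR;          /* errno carries the reason, e.g. EINVAL */
    return strcmp(enc, hash) == 0 ? AUTH_MATCH : AUTH_MISMATCH;
}

/* Lock-time pre-check: if crypt() rejects the stored hash now, no input can
 * ever unlock the screen later, so refuse to lock and tell the user instead
 * of locking a screen that will crash open on the first attempt. */
int hash_usable(const char *hash, crypt_fn cr)
{
    errno = 0;
    return cr("", hash) != NULL;
}

/* Constructed stand-in for crypt(3), NOT a real password hash. It mirrors
 * the contract the advisory relies on: an invalid setting string (anything
 * not starting with '$', such as "*" or "!") yields NULL with errno = EINVAL;
 * otherwise a deterministic "$toy$<key>" string is returned. */
char *fake_crypt(const char *key, const char *setting)
{
    static char out[128];
    if (setting == NULL || setting[0] != '$') {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "$toy$%s", key);
    return out;
}

int main(void)
{
    /* Constructed sample values: a usable hash and the "*" seen via NSS. */
    const char *good_hash = "$toy$secret";
    const char *nss_hash = "*";

    printf("usable(good)=%d usable(\"*\")=%d\n",
           hash_usable(good_hash, fake_crypt), hash_usable(nss_hash, fake_crypt));
    printf("good/secret=%d good/wrong=%d star/any=%d\n",
           check_password(good_hash, "secret", fake_crypt),
           check_password(good_hash, "wrong", fake_crypt),
           check_password(nss_hash, "anything", fake_crypt));
    if (check_password(nss_hash, "anything", fake_crypt) == AUTH_ERROR)
        printf("crypt failed: %s (screen stays locked)\n", strerror(errno));
    return 0;
}
```

With the real function, pass `crypt` as the `crypt_fn` argument and link with `-lcrypt`; the two checks are unchanged. The design point is that the result of crypt(3) has three outcomes, not two, and only the third (NULL) is the one that turned a locked screen into an open one here.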