CVE-2016-6866

Source
Severity Medium
Remote No
Type Access restriction bypass
Description
A null pointer dereference vulnerability has been discovered in the screen locking application slock. It calls crypt(3) and uses the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL and set errno to EINVAL. This will cause slock to segfault which then leaves the machine unprotected. A couple of common scenarios where this
might happen are:

- a machine using NSS for authentication; on the machine this bug was discovered, (getspnam()->sp_pwdp) returns "*".
- the user's account has been disabled for one reason or another; maybe account expiry or password expiry.
Group Package Affected Fixed Severity Status Ticket
AVG-77 slock 1.3-1 1.4-2 Medium Fixed
Date Advisory Group Package Severity Description
21 Nov 2016 ASA-201611-21 AVG-77 slock Medium access restriction bypass
References
http://seclists.org/oss-sec/2016/q3/333