desktop-packages team mailing list archive

Thread
Date

[Bug 1516831] Re: XDMCP Request packet with no addresses crashes LightDM

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Yves-Alexis Perez <corsac@xxxxxxxxxx>
Date: Tue, 24 Nov 2015 22:06:41 -0000
Reply-to: Bug 1516831 <1516831@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8316

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1516831

Title:
  XDMCP Request packet with no addresses crashes LightDM

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.14 series:
  Fix Released
Status in Light Display Manager 1.16 series:
  Fix Released
Status in lightdm package in Ubuntu:
  Fix Committed
Status in lightdm source package in Wily:
  Fix Committed

Bug description:
  [Impact]
  If LightDM receives an XDMCP Request packet with no addresses then it will attempt to access a negative index into an array and crash. This only occurs if the XDMCP server is enabled.

  [Test Case]
  1. Enable XDMCP in lightdm.conf:
  [XDMCPServer]
  enabled=true
  2. Start LightDM
  3. Send an XDMCP Request without an empty addresses field (valid XDMCP servers do not send this).

  Expected result:
  The request is ignored.

  Observed result:
  LightDM crashes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1516831/+subscriptions