CVE-2013-4412 – CVE-2013-4412 is a NULL pointer dereference vul... (How to Fix)

Q: What is the severity of CVE-2013-4412?

CVE-2013-4412 has a CVSS score of 7.5 (HIGH). CVE-2013-4412 is a NULL pointer dereference vulnerability in the slim display manager when using the crypt() method from glibc 2.17. This vulnerability can cause denial of service (DoS) by crashing the slim service, potentially preventing users from logging into graphical sessions. Systems running slim with glibc 2.17 are affected.

📋 TL;DR

CVE-2013-4412 is a NULL pointer dereference vulnerability in the slim display manager when using the crypt() method from glibc 2.17. This vulnerability can cause denial of service (DoS) by crashing the slim service, potentially preventing users from logging into graphical sessions. Systems running slim with glibc 2.17 are affected.

💻 Affected Systems

Products:

slim (Simple Login Manager)

Versions: All versions prior to patched releases

Operating Systems: Linux distributions using glibc 2.17

Default Config Vulnerable: ⚠️ Yes

Notes: Requires specific glibc 2.17 crypt() behavior. Systems using PAM or other authentication methods may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service preventing all graphical logins, requiring physical console access or remote SSH to restore service.

🟠

Likely Case

Intermittent crashes of slim service causing temporary login failures until service restarts automatically or manually.

🟢

If Mitigated

Minimal impact with service restart policies or alternative login methods available.

🌐 Internet-Facing: LOW - slim typically runs locally and is not directly exposed to internet.

🏢 Internal Only: MEDIUM - Local users or network services could trigger the crash affecting all users of the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires ability to trigger authentication attempts through slim. Proof of concept code was published in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check distribution-specific updates (e.g., slim 1.3.6-5 for Debian/Ubuntu)

Vendor Advisory: https://access.redhat.com/security/cve/cve-2013-4412

Restart Required: Yes

Instructions:

1. Update slim package using your distribution's package manager. 2. Restart slim service or reboot system. 3. For source installations: apply upstream patches and recompile.

🔧 Temporary Workarounds

Switch to alternative display manager

linux

Replace slim with gdm, lightdm, or xdm to avoid the vulnerable component

sudo apt-get install gdm3
sudo systemctl set-default graphical.target
sudo systemctl disable slim
sudo systemctl enable gdm3

Disable slim service

linux

Temporarily disable slim and use console login only

sudo systemctl stop slim
sudo systemctl disable slim

🧯 If You Can't Patch

Implement monitoring and automatic restart for slim service crashes
Restrict local access to systems running vulnerable slim versions

🔍 How to Verify

Check if Vulnerable:

Check if slim is installed and glibc version is 2.17: dpkg -l | grep slim && ldd --version | head -1

Check Version:

dpkg -s slim | grep Version || rpm -q slim

Verify Fix Applied:

Verify slim package version is updated and service runs without crashes during authentication attempts

📡 Detection & Monitoring

Log Indicators:

slim service crashes in system logs
segmentation fault errors in /var/log/slim.log
repeated service restarts

Network Indicators:

No direct network indicators as this is local service

SIEM Query:

source="systemd" AND "slim" AND ("segmentation fault" OR "SIGSEGV" OR "core dumped")

📊 Metadata

CVE ID: CVE-2013-4412

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: November 4, 2019

Last Updated: November 21, 2024

🔗 References

http://www.openwall.com/lists/oss-security/2013/10/09/6 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/62906 Third Party Advisory,VDB Entry
https://access.redhat.com/security/cve/cve-2013-4412 Broken Link,Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 Issue Tracking,Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 Third Party Advisory,VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-4412 Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/09/6 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/62906 Third Party Advisory,VDB Entry
https://access.redhat.com/security/cve/cve-2013-4412 Broken Link,Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 Issue Tracking,Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 Third Party Advisory,VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-4412 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-4412, you might also want to check these: