vulnerability
Arch Linux: Access restriction bypass (CVE-2016-6866)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Feb 15, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 15, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A null pointer dereference vulnerability has been discovered in the screen locking application slock. It calls crypt(3) and uses the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL and set errno to EINVAL. This will cause slock to segfault which then leaves the machine unprotected. A couple of common scenarios where this
might happen are:
- a machine using NSS for authentication; on the machine this bug was discovered, (getspnam()->sp_pwdp) returns "*".
- the user's account has been disabled for one reason or another; maybe account expiry or password expiry.
might happen are:
- a machine using NSS for authentication; on the machine this bug was discovered, (getspnam()->sp_pwdp) returns "*".
- the user's account has been disabled for one reason or another; maybe account expiry or password expiry.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.