X.Org xdm 1.1.10, 1.1.11, and possibly other versions,
when performing authentication using certain implementations of
the crypt API function that can return NULL, allows remote
attackers to cause a denial of service (NULL pointer dereference
and crash) by attempting to log into an account whose password
field contains invalid characters, as demonstrated using the crypt
function from glibc 2.17 and later with (1) the "!" character in
the salt portion of a password field or (2) a password that has
been encrypted using DES or MD5 in FIPS-140 mode.