| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Jul 2003 15:52:26 +0000 From: KF <dotslash@...soft.com> To: bugtraq@...urityfocus.com Subject: Re: MacOSX - crash screensaver locked with password and get the desktop back Does anyone care to attach a debugger to the screen saver process and then verify that this is or is not a buffer overflow? -KF Adam H. Pendleton wrote: > Delfim Machado wrote: > >> three days ago i discovered a security issue, with the last MacOSX. >> there is a way to crash the screensaver locked with password and gain >> the desktop. >> > This isn't a new issue; well not exactly. The method for crashing to > screensaver is new to me, but the result isn't. When I first got my > Powerbook (December of last year), it came with a .Mac screensaver > which, IIRC, attempts to load its slideshow images off the Internet. > At the time, I was able to crash the .Mac screensaver by pulling the > network plug while the screensaver was trying to update its images. > Doing this caused the screensaver to crash and the Desktop to return > (despite password locking). I reported this vulnerability to Apple, > but never got a response, and it obviously hasn't been fixed. I don't > have an exact date on when I originally reported it, but I believe it > was sometime in January '03. > > ahp >
Powered by blists - more mailing lists