lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F09973A.1050008@snosoft.com>
Date: Mon, 07 Jul 2003 15:52:26 +0000
From: KF <dotslash@...soft.com>
To: bugtraq@...urityfocus.com
Subject: Re: MacOSX - crash screensaver locked with password and get the	desktop
 back


Does anyone care to attach a debugger to the screen saver process and 
then verify that this is or is not a buffer overflow?
-KF


Adam H. Pendleton wrote:

> Delfim Machado wrote:
>
>> three days ago i discovered a security issue, with the last MacOSX.
>> there is a way to crash the screensaver locked with password and gain
>> the desktop.
>>
> This isn't a new issue; well not exactly.  The method for crashing to 
> screensaver is new to me, but the result isn't.  When I first got my 
> Powerbook (December of last year), it came with a .Mac screensaver 
> which, IIRC, attempts to load its slideshow images off the Internet.  
> At the time, I was able to crash the .Mac screensaver by pulling the 
> network plug while the screensaver was trying to update its images.  
> Doing this caused the screensaver to crash and the Desktop to return 
> (despite password locking).  I reported this vulnerability to Apple, 
> but never got a response, and it obviously hasn't been fixed.  I don't 
> have an exact date on when I originally reported it, but I believe it 
> was sometime in January '03.
>
> ahp
>




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ