| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rpande at vt.edu (Rishi Pande) Subject: woops!!! Re: Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability You are right, the e-macs technique works on my I-book. I tried the good old "keyboard mash for 5 minutes" on the G4 desktops and that didn't work. I will try it again tomorrow morning. Apologies for the incorrect info. Rishi On Tuesday, July 8, 2003, at 07:41 PM, petard wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> With regards to the above vulnerability, I tested 3 Machines (1: G4 >> 450 & 2: Dual G4 1.2G) They all had the mentioned screen saver >> vulnerability. >> However, a work-around solution is if you use "Key-chain access" and >> lock screen instead of using the "hot-spot" method. The end effects >> are >> the same using both but the buffer overflow is avoided using the >> former >> method. > > Using your method of locking the screen, my machine (G4 1GHz, 10.2.6) > is still > vulnerable. I was able to get in in under 20 seconds using the emacs > shortcuts, > same as before. > > Regards, > petard > > - -- > "I say we institute [...] roving squadrons of Darren Reed clones to > bore yuppie scum like this to death with the inherent merits of ipf > over pf." > -- Anonymous Coward, OpenBSD Journal (http://deadly.org/) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (NetBSD) > > iD8DBQE/C1aOgkiZ59A0kiQRAh/bAJ9T1pddXRk3xWwWYOEgZUKavr9N0QCcCWsR > TPlO0+IssU09RilIWuOvmFk= > =c3KH > -----END PGP SIGNATURE----- >
Powered by blists - more mailing lists