[30656] in bugtraq
Re: MacOSX - crash screensaver locked with password and get the desktop
daemon@ATHENA.MIT.EDU (KF)
Tue Jul 8 20:04:29 2003
Message-ID: <3F09973A.1050008@snosoft.com>
Date: Mon, 07 Jul 2003 15:52:26 +0000
From: KF <dotslash@snosoft.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <3F098D4D.10600@fmonkey.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Does anyone care to attach a debugger to the screen saver process and
then verify that this is or is not a buffer overflow?
-KF
Adam H. Pendleton wrote:
> Delfim Machado wrote:
>
>> three days ago i discovered a security issue, with the last MacOSX.
>> there is a way to crash the screensaver locked with password and gain
>> the desktop.
>>
> This isn't a new issue; well not exactly. The method for crashing to
> screensaver is new to me, but the result isn't. When I first got my
> Powerbook (December of last year), it came with a .Mac screensaver
> which, IIRC, attempts to load its slideshow images off the Internet.
> At the time, I was able to crash the .Mac screensaver by pulling the
> network plug while the screensaver was trying to update its images.
> Doing this caused the screensaver to crash and the Desktop to return
> (despite password locking). I reported this vulnerability to Apple,
> but never got a response, and it obviously hasn't been fixed. I don't
> have an exact date on when I originally reported it, but I believe it
> was sometime in January '03.
>
> ahp
>
