Full Disclosure mailing list archives
Re: Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability
From: petard <petard () sdf lonestar org>
Date: Tue, 8 Jul 2003 23:41:15 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
With regards to the above vulnerability, I tested 3 Machines (1: G4 450 & 2: Dual G4 1.2G) They all had the mentioned screen saver vulnerability. However, a work-around solution is if you use "Key-chain access" and lock screen instead of using the "hot-spot" method. The end effects are the same using both but the buffer overflow is avoided using the former method.
Using your method of locking the screen, my machine (G4 1GHz, 10.2.6) is still vulnerable. I was able to get in in under 20 seconds using the emacs shortcuts, same as before. Regards, petard - -- "I say we institute [...] roving squadrons of Darren Reed clones to bore yuppie scum like this to death with the inherent merits of ipf over pf." -- Anonymous Coward, OpenBSD Journal (http://deadly.org/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (NetBSD) iD8DBQE/C1aOgkiZ59A0kiQRAh/bAJ9T1pddXRk3xWwWYOEgZUKavr9N0QCcCWsR TPlO0+IssU09RilIWuOvmFk= =c3KH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability Rishi Pande (Jul 08)
- Re: Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability petard (Jul 08)