Full Disclosure mailing list archives
Re: Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability
From: petard <petard () sdf lonestar org>
Date: Tue, 8 Jul 2003 23:41:15 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
With regards to the above vulnerability, I tested 3 Machines (1: G4
450 & 2: Dual G4 1.2G) They all had the mentioned screen saver
vulnerability.
However, a work-around solution is if you use "Key-chain access" and
lock screen instead of using the "hot-spot" method. The end effects are
the same using both but the buffer overflow is avoided using the former
method.
Using your method of locking the screen, my machine (G4 1GHz, 10.2.6) is still
vulnerable. I was able to get in in under 20 seconds using the emacs shortcuts,
same as before.
Regards,
petard
- --
"I say we institute [...] roving squadrons of Darren Reed clones to
bore yuppie scum like this to death with the inherent merits of ipf
over pf."
-- Anonymous Coward, OpenBSD Journal (http://deadly.org/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)
iD8DBQE/C1aOgkiZ59A0kiQRAh/bAJ9T1pddXRk3xWwWYOEgZUKavr9N0QCcCWsR
TPlO0+IssU09RilIWuOvmFk=
=c3KH
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability Rishi Pande (Jul 08)
- Re: Work-around solution to : Apple Mac OS X Screen Saver Password Prompt Buffer Overflow Vulnerability petard (Jul 08)
