• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple Mac OS X Screen Effects Password Prompt Buffer Overflow Vulnerability

Apple Mac OS X has a screen saver, entitled Screen Effects, with a password feature. A buffer overflow vulnerability has been reported for the screen saver that may result in an attacker obtaining access to the vulnerable system.

An attacker can exploit this vulnerability by inputting many characters into the password field prompt and sending it to the vulnerable screen saver which will and enable the attacker to access the vulnerable system as the currently logged on user.

** Reports suggest that an attacker supplying an overly long password consisting of about 1368 characters will cause the screen saver to crash.