Mac OS X Login Window Local DoS

2006-05-13T00:00:00
ID OSVDB:20776
Type osvdb
Reporter ph0enix(ph0enix@attrition.org)
Modified 2006-05-13T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when the 'loginwindow' application has been configured to display the login window as 'Name and password' and the 'Show the Restart, Sleep, and Shut Down buttons' option is disabled. By providing '>restart', '>power' or '>shutdown' in the username field of the login window, a malicious user can force a reboot or shutdown of the machine without providing a password first resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when the 'loginwindow' application has been configured to display the login window as 'Name and password' and the 'Show the Restart, Sleep, and Shut Down buttons' option is disabled. By providing '>restart', '>power' or '>shutdown' in the username field of the login window, a malicious user can force a reboot or shutdown of the machine without providing a password first resulting in a loss of availability.

References:

Vendor URL: http://www.apple.com/ CVE-2005-3782