Mac OS X Screensaver Authentication Password Field Overflow

2003-07-04T09:23:03
ID OSVDB:2264
Type osvdb
Reporter Delfim Machado (bipbip@xpto.org)
Modified 2003-07-04T09:23:03

Description

Vulnerability Description

A local overflow exists in Mac OS X. The screensaver authentication password prompt fails to validate user input, resulting in a buffer overflow. By entering an overly long string, an attacker can cause the screensaver to crash and then access the desktop as the currently logged-on user, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch that addresses this vulnerability.

References:

Vendor Specific Solution URL: http://docs.info.apple.com/article.html?artnum=120232
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0034.html
ISS X-Force ID: 12505
CVE-2003-0518
Bugtraq ID: 8106