Re: Mac Screensaver Vulnerable - OS X
Sandman
07-07-2003, 10:06 AM
In article <09bfgvkpel584p89ihlehdr21kd3v8j7jc[at]4ax.com>, foo <foo[at]bar.com>
wrote:
> http://lists.netsys.com/pipermail/full-disclosure/2003-July/010910.html
>
> Comments?
>
> Basically, hit keys for 5 minutes or so, hit enter, gain access to the
> desktop (ie bypass the screensaver).
It doesn't work for me.
--
Sandman[.net]
Steve
07-07-2003, 01:04 PM
flip <flippo[at]mac.com> wrote:
> In article <mr-19287D.11061307072003[at]news.fu-berlin.de>,
> Sandman <mr[at]sandman.net> wrote:
>
> > In article <09bfgvkpel584p89ihlehdr21kd3v8j7jc[at]4ax.com>, foo <foo[at]bar.com>
> > wrote:
> >
> > > http://lists.netsys.com/pipermail/full-disclosure/2003-July/010910.html
> > >
> > > Comments?
> > >
> > > Basically, hit keys for 5 minutes or so, hit enter, gain access to the
> > > desktop (ie bypass the screensaver).
> >
> > It doesn't work for me.
>
> So far, no one in this group has been able to duplicate it.
I can reliably reproduce the problem on a Powerbook G4 running OS X
10.2.6 and the 'Cosmos' screen saver module enabled requiring a password
to unlock...
1. fill the password field with characters (it's around 40 chars long)
2. place the cursor back at the start of the field and hit ctrl-k (this
cuts the text to the clipboard)
3. ctrl-y 40 or so times to paste that text back in
4. hit enter.
The screensaver engine crashes without fail, although occasionally
restarts again. After crashing a second time, it doesn't seem to
restart. From the crash log:
Date/Time: 2003-07-07 13:49:53 +0200
OS Version: 10.2.6 (Build 6L60)
Host: xxxxxxx
Command: ScreenSaverEngine
PID: 4543
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xe280a2e6
Thread 0 Crashed:
#0 0x900042a8 in free_list_remove_ptr
#1 0x90003f60 in szone_free
#2 0x92be1388 in checkpw_internal
#3 0x92cf4414 in checkpw
#4 0x000066cc in 0x66cc
#5 0x930c7e44 in forwardMethod
#6 0x930c7e44 in forwardMethod
#7 0x930c1694 in -[NSWindow sendEvent:]
#8 0x930a8e20 in -[NSApplication sendEvent:]
#9 0x000074d8 in 0x74d8
#10 0x930b1dac in -[NSApplication run]
#11 0x00004678 in 0x4678
#12 0x00004328 in 0x4328
#13 0x000041a8 in 0x41a8
Thread 1:
#0 0x90014d28 in syscall_thread_switch
#1 0x97e03ef4 in +[NSThread sleepUntilDate:]
#2 0x93081cac in -[NSUIHeartBeat _heartBeatThread:]
#3 0x97e2cc50 in forkThreadForFunction
#4 0x90020d48 in _pthread_body
Some people rely (probably unwisely) on the security of the screensaver,
so hopefully Apple will get this one patched quickly.
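Added example, not part of any post in this thread: a small triage script for a crash report like the one above. It reads only the crashed thread, flags a fault that lands inside the allocator (usually a sign of damaged heap bookkeeping or an invalid free), and names the first caller outside the allocator. The ALLOCATOR_FRAMES set and the function names are assumptions made for this example; the sample text is a trimmed copy of the log in the post.

```python
import re

# Trimmed copy of the crash report quoted in the post above.
SAMPLE = """\
Command: ScreenSaverEngine
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xe280a2e6
Thread 0 Crashed:
#0 0x900042a8 in free_list_remove_ptr
#1 0x90003f60 in szone_free
#2 0x92be1388 in checkpw_internal
#3 0x92cf4414 in checkpw
#4 0x000066cc in 0x66cc
Thread 1:
#0 0x90014d28 in syscall_thread_switch
"""

# Assumption: symbols treated as "inside malloc/free" for this heuristic.
ALLOCATOR_FRAMES = {"free_list_remove_ptr", "szone_free", "szone_malloc",
                    "malloc", "free"}
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+) in (.+)$")

def parse_crash(text):
    """Return header fields plus the frame names of the crashed thread only."""
    info = {"frames": []}
    in_crashed = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Thread "):
            in_crashed = line.endswith("Crashed:")
        elif in_crashed and (m := FRAME_RE.match(line)):
            info["frames"].append(m.group(3))
        elif ":" in line and not line.startswith("#"):
            key, _, value = line.partition(":")
            info[key.strip()] = value.strip()
    return info

def triage(text):
    """Flag faults inside the allocator and name the first caller outside it."""
    info = parse_crash(text)
    frames = info["frames"]
    return {
        "process": info.get("Command"),
        "exception": info.get("Exception", "").split(" ")[0],
        "heap_corruption_suspected": bool(frames) and frames[0] in ALLOCATOR_FRAMES,
        "first_non_allocator_frame":
            next((f for f in frames if f not in ALLOCATOR_FRAMES), None),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the log above this points at checkpw_internal, the password-checking path, as the place to start looking; it is a heuristic for prioritising crash reports, not a confirmed root cause.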
On Mon, 07 Jul 2003 11:29:05 GMT, flip <flippo[at]mac.com> wrote:
>In article <mr-19287D.11061307072003[at]news.fu-berlin.de>,
> Sandman <mr[at]sandman.net> wrote:
>
>> In article <09bfgvkpel584p89ihlehdr21kd3v8j7jc[at]4ax.com>, foo <foo[at]bar.com>
>> wrote:
>>
>> > http://lists.netsys.com/pipermail/full-disclosure/2003-July/010910.html
>> >
>> > Comments?
>> >
>> > Basically, hit keys for 5 minutes or so, hit enter, gain access to the
>> > desktop (ie bypass the screensaver).
>>
>> It doesn't work for me.
>
>So far, no one in this group has been able to duplicate it.
Check the 2 links provided - plenty there have duplicated it.