[NEWS] Mac OS X Panther Screen Lock Bypass
From: SecuriTeam (support_at_securiteam.com)
Date: 11/02/03
To: list@securiteam.com Date: 2 Nov 2003 16:55:43 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Mac OS X Panther Screen Lock Bypass
------------------------------------------------------------------------
SUMMARY
With access to the keyboard, an unauthorized user can access the currently
active screen-locked user environment. However, the window of time in
which key events get through is relatively small; completing complicated
operations at the keyboard has proven highly tedious in actual practice
thus far.
DETAILS
Vulnerable systems:
* Mac OS X version 10.3 Build 7B85
Exploit:
With the screen effect active, keys pressed before the authentication
window appears will be sent to the general user environment.
Practical tests:
Tested Examples:
- An open word processing document can be typed in
- Shortcut operations via the keyboard are executed
- New windows can be spawned
- New folders can be created in the Finder
- Switching between running applications is possible
- One can navigate through the file system and launch applications
- Terminal was launched and binary was executed from the command line
Conclusion:
Although the potential risk from malicious use of this vulnerability is
obvious, it tentatively appears that in real-world practice the impact
will most likely be statistically small (however, a chain is only as
strong as its weakest link).
SecureMac Notes: For the first-time user, actually executing anything
useful before the screen lock appears is hard. A user who practices
and knows where items are stored and can quickly move around with the keys
could change information or even disable authentication and gain access to
the desktop.
Outside of the advisory, another major concern is that the user types
their password before the dialog box has appeared and it echoes to
whatever application is parent in plain text. Instant Messages is what
users are reporting they have echoed their passwords into accidentally.
ADDITIONAL INFORMATION
The information has been provided by CodeSamurai
<mailto:codesamurai@mac.com>.
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.