[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1232 - 32 msgs

[Darren Bounds <dbounds () intrusense com>]

Verified.

I was successful in changing the password of current user (myself) with 
an open terminal in focus on the desktop.


Darren Bounds
Intrusense LLC.
http://www.intrusense.com

--
Intrusense - Securing Business As Usual



> Date: Tue, 28 Oct 2003 17:46:41 +0100
> From: kang <kang () insecure ws>
> To: full-disclosure () lists netsys com, bugtraq () securityfocus com
> Subject: [Full-disclosure] [securemac] Local vulnerability: MacOSX 
> Screensaver locking bypass.
>
>
>       Mac OS X 10.3 Panther Screen Lock Bypass
>
> *Advisory Title*: Keys Getting Past Panther Screen Lock
> *Release Date*: 2003 October 28
> *Affected Product*: Mac OS X 10.3 Build 7B85
> *Severity*: Low
> *Impact*: Security Bypass
> *Where*: Local System
> *Author*: CodeSamurai (codesamurai () mac com)
>
> *VULNERABILITY*
> With access to the keyboard, an unauthorized user can access the
> currently active screen-locked user environment. However, there is only
> a relatively small opening in the period of time in which the keys
> events get through; completing complicated operations at the keyboard
> have shown to be highly tedious in actual practice thus far.
>
> *EXPLOIT*
> With the screen effect active, keys pressed before the authentication
> window appears will be sent to the general user environment.
>
> *PRACTICAL TESTS*
> Tested Examples:
> - An open word processing document can be typed in.
> - Shortcut operations via the keyboard are executed.
> - New windows can be spawned.
> - New folders can be created in the Finder.
> - Switching between running applications is possible.
> - One can navigate through the file system and launch applications.
> - Terminal was launched and binary was executed from the command line.
>
> *CONCLUSION*
> Although the potential risk due to malicious intent via this
> vulnerability is obvious, tentatively it appears that in real-world
> practicality, the impact will most likely be statistically small. (But 
> a
> chain is only as strong as its weakest link.)
>
> *SecureMac Notes*: For the first-time-user actually executing anything
> useful before the screen lock appears is hard. For the user who
> practices and knows where items are stored and can quickly move around
> with the keys could change information or even disable authentication
> and gain access to the desktop.
>
>
> Full advisory is available here:
> http://www.securemac.com/macosx-screenlock-bypass.php
>
>
>
>
>
> --__--__--
>
> _______________________________________________
> Full-Disclosure mailing list
> Full-Disclosure () lists netsys com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>
>
> End of Full-Disclosure Digest

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html