![]() |
Summary |
---|
Description: | Apparently if you type more then 80 characters into an xscreensaver password window it will die and you will gain access to the desktop. Also not that with XFree86 you can often use CNTRL-SHIFT-BACKSPACE to simply kill the server (and whatever X program is locking it). |
Author: | Kim San Su <shanx@comp67.snu.ac.kr> |
Compromise: | Bypass xscreensaver password security |
Vulnerable Systems: | Those where people run a vulnerable version of xscreensaver to lock their X-Windows sessions. |
Date: | 2 December 1997 |
Details |
---|
Date: Tue, 2 Dec 1997 00:23:04 -0600 From: Aleph One <aleph1@DFW.NET> To: BUGTRAQ@NETSPACE.ORG Subject: xscreensaver buffer overflow On an article on c.s.u Kim San Su <shanx@comp67.snu.ac.kr> (Message-ID: <34819D49.73C9F17E@comp67.snu.ac.kr>) states he has found a buffer overflow in xscreensaver. When you use xscreensaver to lock your workstaion and you enter more than 80 characters at the password input windows, xscreensaver will die and you will have access to the X desktop. Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
More Exploits! |
---|
All OS's | Linux | Solaris/SunOS | Micro$oft |
*BSD | Macintosh | AIX | IRIX |
ULTRIX/Digital UNIX | HP/UX | SCO | Remote exploits |