Xscreensaver problem

Summary
Description:Apparently if you type more then 80 characters into an xscreensaver password window it will die and you will gain access to the desktop. Also not that with XFree86 you can often use CNTRL-SHIFT-BACKSPACE to simply kill the server (and whatever X program is locking it).
Author:Kim San Su <shanx@comp67.snu.ac.kr>
Compromise:Bypass xscreensaver password security
Vulnerable Systems:Those where people run a vulnerable version of xscreensaver to lock their X-Windows sessions.
Date:2 December 1997
Details


Date: Tue, 2 Dec 1997 00:23:04 -0600
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: xscreensaver buffer overflow

On an article on c.s.u Kim San Su <shanx@comp67.snu.ac.kr> (Message-ID:
<34819D49.73C9F17E@comp67.snu.ac.kr>) states he has found a buffer
overflow in xscreensaver.

When you use xscreensaver to lock your workstaion and you enter more than
80 characters at the password input windows, xscreensaver will die and you
will have access to the X desktop.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]