Xscreensaver problem
Description: Apparently if you type more than 80 characters into an xscreensaver password window it will die and you will gain access to the desktop. Also note that with XFree86 you can often use CNTRL-SHIFT-BACKSPACE to simply kill the server (and whatever X program is locking it).
Author: Kim San Su <shanx@comp67.snu.ac.kr>
Compromise: Bypass xscreensaver password security
Vulnerable Systems: Those where people run a vulnerable version of xscreensaver to lock their X-Windows sessions.
Date: 2 December 1997
Date: Tue, 2 Dec 1997 00:23:04 -0600
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: xscreensaver buffer overflow
On an article on c.s.u Kim San Su <shanx@comp67.snu.ac.kr> (Message-ID:
<34819D49.73C9F17E@comp67.snu.ac.kr>) states he has found a buffer
overflow in xscreensaver.
When you use xscreensaver to lock your workstation and you enter more than
80 characters at the password input windows, xscreensaver will die and you
will have access to the X desktop.
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
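The failure mode reported above, seen from the defender's side: a password-input handler that bounds keystrokes at 80 characters and keeps the session locked on over-long input. This is an added example, not xscreensaver's code and not part of the original post; the struct, the function names and the plaintext comparison (a stand-in for the real crypt()/PAM check) are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 80  /* the 80-character limit from the report; buffer layout is assumed */

struct pw_input {
    char   buf[PW_MAX + 1];  /* PW_MAX characters plus the terminating NUL */
    size_t len;
    int    overflowed;       /* set once the user has typed past PW_MAX */
};

void pw_reset(struct pw_input *in) {
    memset(in, 0, sizeof *in);  /* also wipes any previously typed password */
}

/* Handle one keystroke. The unsafe pattern is `buf[len++] = c;` with no
 * bound check, which writes past the array on the 81st character. */
void pw_add_char(struct pw_input *in, char c) {
    if (in->len >= PW_MAX) {
        in->overflowed = 1;     /* remember the overflow, drop the character */
        return;
    }
    in->buf[in->len++] = c;
    in->buf[in->len] = '\0';
}

/* Returns 1 only for an exact match; over-long input is rejected outright,
 * so the locker fails closed instead of crashing. Comparison is constant-time
 * over the whole zero-padded buffer. */
int pw_check(const struct pw_input *in, const char *expected) {
    char padded[PW_MAX + 1] = {0};
    size_t elen = strlen(expected), i;
    unsigned char diff = 0;
    if (in->overflowed || elen > PW_MAX) return 0;
    memcpy(padded, expected, elen);
    for (i = 0; i <= PW_MAX; i++) diff |= (unsigned char)(in->buf[i] ^ padded[i]);
    return diff == 0;
}

int main(void) {
    struct pw_input in;
    int i;
    pw_reset(&in);
    for (i = 0; i < 200; i++) pw_add_char(&in, 'A');  /* constructed over-long input */
    return pw_check(&in, "AAAA");  /* 0: still locked */
}
```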
This page is part of Fyodor's exploit
world.