Mac OS X Screensaver Lets Physically Local Users Pass Keystrokes to the Operating System
|
|
SecurityTracker Alert ID: 1008021
|
|
CVE Reference: CAN-2003-1008
(Links to External Site)
|
Updated: Dec 20 2003
|
Original Entry Date: Oct 28 2003
|
Impact: User access via local system
|
Exploit Included: Yes
|
Version(s): 10.3 Build 7B85
|
Description: Another vulnerability was reported in Mac OS X in the screen saver. A physically local user can partially bypass a locked system.
CodeSamurai reported that a physically local user with access to the keyboard can cause keystrokes to be passed to the operating
system. A physically local user can send keystrokes during a short period of time between when the screen effect is active and
the authentication window is displayed, the report said.
|
Impact: A physically local user can generate keystrokes that will bypass the screen saver keyboard lock and take actions on the desktop.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.apple.com/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: UNIX (Mac OS X)
|
Reported By: kang <kang@insecure.ws>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 28 Oct 2003 17:46:41 +0100
From: kang <kang@insecure.ws>
Subject: [securemac] Local vulnerability: MacOSX Screensaver locking bypass.
|
Mac OS X 10.3 Panther Screen Lock Bypass
*Advisory Title*: Keys Getting Past Panther Screen Lock
*Release Date*: 2003 October 28
*Affected Product*: Mac OS X 10.3 Build 7B85
*Severity*: Low
*Impact*: Security Bypass
*Where*: Local System
*Author*: CodeSamurai (codesamurai@mac.com)
*VULNERABILITY*
With access to the keyboard, an unauthorized user can access the
currently active screen-locked user environment. However, there is only
a relatively small opening in the period of time in which the keys
events get through; completing complicated operations at the keyboard
have shown to be highly tedious in actual practice thus far.
*EXPLOIT*
With the screen effect active, keys pressed before the authentication
window appears will be sent to the general user environment.
*PRACTICAL TESTS*
Tested Examples:
- An open word processing document can be typed in.
- Shortcut operations via the keyboard are executed.
- New windows can be spawned.
- New folders can be created in the Finder.
- Switching between running applications is possible.
- One can navigate through the file system and launch applications.
- Terminal was launched and binary was executed from the command line.
*CONCLUSION*
Although the potential risk due to malicious intent via this
vulnerability is obvious, tentatively it appears that in real-world
practicality, the impact will most likely be statistically small. (But a
chain is only as strong as its weakest link.)
*SecureMac Notes*: For the first-time-user actually executing anything
useful before the screen lock appears is hard. For the user who
practices and knows where items are stored and can quickly move around
with the keys could change information or even disable authentication
and gain access to the desktop.
Full advisory is available here:
http://www.securemac.com/macosx-screenlock-bypass.php
|
|
