PT-2023-19372 · Oracle · Solaris

Marco Ivaldi · Published 2023-01-21 · Updated 2025-04-02 · CVE-2023-24039

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Common Desktop Environment version 1.6

Description: A stack-based buffer overflow in the ParseColors function in libXm can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. This issue only affects products that are no longer supported by the maintainer.

Recommendations: For Common Desktop Environment version 1.6, as a temporary workaround, consider disabling the dtprintinfo setuid binary until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2023-24039

Affected Products

Solaris