PT-2023-19372 · Oracle · Solaris

Marco Ivaldi

·

Published

2023-01-21

·

Updated

2025-04-02

·

CVE-2023-24039

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Common Desktop Environment version 1.6

Description

A stack-based buffer overflow in the ParseColors function of libXm's XPM image parser can be exploited by local, low-privileged users through the setuid-root dtprintinfo binary to escalate their privileges to root on Solaris 10 systems. The issue only affects products that are no longer supported by the maintainer.
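The bug class named in the description, as an added example that is not the advisory's code and not libXm's: a hypothetical XPM colour-line parser that appends attacker-controlled words to a fixed-size stack buffer with strcat (the vulnerable pattern) beside a bounded rewrite that rejects any value that would not fit. CURBUF_SIZE, the function names and the key/value tokenization are assumptions made for illustration; libXm's real ParseColors() is not reproduced here.

```c
/* Added example, not code from the advisory, libXm or CDE. Models the bug
 * class behind CVE-2023-24039: an XPM-style colour-line parser that appends
 * attacker-controlled words to a fixed stack buffer. CURBUF_SIZE, the names
 * and the tokenization are assumptions; libXm's ParseColors() is not copied. */
#include <stdio.h>
#include <string.h>

#define CURBUF_SIZE 64      /* assumed: small so the overflow is obvious */
#define LINE_MAX_LEN 1024

/* XPM colour keys (mono, symbolic, grey4, grey, colour). A word that is not
 * a key extends the value of the most recent key. */
static const char *const kColorKeys[] = { "m", "s", "g4", "g", "c" };

static int is_key(const char *w)
{
    for (size_t i = 0; i < sizeof kColorKeys / sizeof kColorKeys[0]; i++)
        if (strcmp(w, kColorKeys[i]) == 0) return 1;
    return 0;
}

/* UNSAFE (the vulnerable pattern): value words are strcat()ed into curbuf
 * with no length check, so a value longer than CURBUF_SIZE overwrites the
 * stack frame. `line` comes from the icon file, i.e. from the attacker.
 * Returns the number of key/value pairs seen. */
int parse_color_line_unsafe(const char *line)
{
    char curbuf[CURBUF_SIZE], copy[LINE_MAX_LEN];
    int values = 0, lastwaskey = 0;

    strncpy(copy, line, sizeof copy - 1);
    copy[sizeof copy - 1] = '\0';
    curbuf[0] = '\0';
    for (char *w = strtok(copy, " \t"); w; w = strtok(NULL, " \t")) {
        if (!lastwaskey && is_key(w)) {         /* open a new key */
            if (curbuf[0]) values++;            /* flush previous value */
            curbuf[0] = '\0';
            lastwaskey = 1;
        } else {                                /* extend current value */
            if (!lastwaskey) strcat(curbuf, " ");   /* unbounded */
            strcat(curbuf, w);                      /* unbounded: overflow */
            lastwaskey = 0;
        }
    }
    if (curbuf[0]) values++;
    return values;
}

/* SAFE: same grammar, but every append is checked against the space left in
 * curbuf (including the NUL). Returns the number of key/value pairs, or -1
 * when a value would not fit: the line is rejected, not silently truncated. */
int parse_color_line_safe(const char *line)
{
    char curbuf[CURBUF_SIZE], copy[LINE_MAX_LEN];
    size_t used = 0;
    int values = 0, lastwaskey = 0;

    if (strlen(line) >= sizeof copy) return -1;
    strcpy(copy, line);
    curbuf[0] = '\0';
    for (char *w = strtok(copy, " \t"); w; w = strtok(NULL, " \t")) {
        if (!lastwaskey && is_key(w)) {
            if (used) values++;
            used = 0;
            curbuf[0] = '\0';
            lastwaskey = 1;
        } else {
            size_t wlen = strlen(w);
            size_t need = wlen + (lastwaskey ? 0 : 1);   /* word + separator */
            if (used + need >= sizeof curbuf) return -1;  /* bounded */
            if (!lastwaskey) curbuf[used++] = ' ';
            memcpy(curbuf + used, w, wlen + 1);
            used += wlen;
            lastwaskey = 0;
        }
    }
    if (used) values++;
    return values;
}

/* Constructed inputs: an ordinary XPM colour entry, and a helper that builds
 * "c " followed by n 'A's and feeds it to the bounded parser so a caller can
 * probe the CURBUF_SIZE boundary exactly. */
const char kBenignLine[] = "c #FF0000 m black s background";

int safe_result_for_value_len(size_t n)
{
    char line[LINE_MAX_LEN];
    if (n + 3 > sizeof line) return -1;
    line[0] = 'c'; line[1] = ' ';
    memset(line + 2, 'A', n);
    line[n + 2] = '\0';
    return parse_color_line_safe(line);
}

int main(void)
{
    printf("benign: safe=%d unsafe=%d\n",
           parse_color_line_safe(kBenignLine), parse_color_line_unsafe(kBenignLine));
    /* The unsafe parser is deliberately never run on an oversized value:
     * that is the overflow itself and its behaviour is undefined. */
    printf("%d-byte value: safe=%d, %d-byte value: safe=%d (rejected)\n",
           CURBUF_SIZE - 1, safe_result_for_value_len(CURBUF_SIZE - 1),
           CURBUF_SIZE, safe_result_for_value_len(CURBUF_SIZE));
    return 0;
}
```

The fix worth taking away is the shape of the bounded version: the parser tracks how much of the buffer is in use and refuses input that would not fit, instead of relying on the file to be well-formed. Rejecting the line outright is preferable to truncating it, because a silently shortened colour value changes the meaning of the icon without any signal to the caller.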
Recommendations

For Common Desktop Environment version 1.6, as a temporary workaround, disable the dtprintinfo setuid binary until a patch is available, for example by clearing its setuid bit (chmod u-s /usr/dt/bin/dtprintinfo) or by removing execute permission for unprivileged users. This closes the local privilege-escalation path, although it may reduce Print Manager functionality for non-root users. At the moment there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-24039

Affected Products

Solaris