■ ■ ■ ■ ■ ■
solaris/raptor_dtprintlibXmas.c
| skipped 6 lines |
7 | 7 | | * there is nothing new under the Sun." |
8 | 8 | | * -- Ecclesiastes 1:9 |
9 | 9 | | * |
| 10 | + | * "A stack-based buffer overflow in ParseColors in libXm in Common Desktop |
| 11 | + | * Environment 1.6 can be exploited by local low-privileged users via the |
| 12 | + | * dtprintinfo setuid binary to escalate their privileges to root on Solaris |
| 13 | + | * 10 systems. NOTE: This vulnerability only affects products that are no |
| 14 | + | * longer supported by the maintainer." (CVE-2023-24039) |
| 15 | + | * |
10 | 16 | | * #Solaris #CDE #0day #ForeverDay #WontFix |
11 | 17 | | * |
12 | 18 | | * This exploit illustrates yet another way to abuse the infamous dtprintinfo |
| skipped 385 lines |