Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
Posted by deepcore on April 18, 2020 – 4:43 pm
A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.
Post a reply
You must be logged in to post a comment.