CVE-2023-24039

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Jan/24	Mailing List Third Party Advisory
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c	Third Party Advisory
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt	Third Party Advisory
https://security.humanativaspa.it/nothing-new-under-the-sun/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opengroup:common_desktop_environment:1.6:*:*:*:*:*:*:*

History

21 Mar 2024, 02:46

Type	Values Removed	Values Added
Summary		(es) Los usuarios locales con pocos privilegios pueden aprovechar un desbordamiento de búfer en la región stack de la memoria en ParseColors en libXm en Common Desktop Environment 1.6 a través del binario dtprintinfo setuid para escalar sus privilegios a root en sistemas Solaris 10. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.

Information

Published : 2023-01-21 02:15

Updated : 2024-05-17 02:20

NVD link : CVE-2023-24039

Mitre link : CVE-2023-24039

CVE.ORG link : CVE-2023-24039

JSON object : View

Products Affected

opengroup

common_desktop_environment

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-24039", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-01-21T02:15:09.550", "references": [{"url": "http://seclists.org/fulldisclosure/2023/Jan/24", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.humanativaspa.it/nothing-new-under-the-sun/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Los usuarios locales con pocos privilegios pueden aprovechar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en ParseColors en libXm en Common Desktop Environment 1.6 a trav\u00e9s del binario dtprintinfo setuid para escalar sus privilegios a root en sistemas Solaris 10. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2024-05-17T02:20:10.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opengroup:common_desktop_environment:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8CC0760-2280-40F0-ADC9-2655EF18FC36"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}