CVE-2023-24039
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Los usuarios locales con pocos privilegios pueden aprovechar un desbordamiento de búfer en la región stack de la memoria en ParseColors en libXm en Common Desktop Environment 1.6 a través del binario dtprintinfo setuid para escalar sus privilegios a root en sistemas Solaris 10. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-21 CVE Reserved
- 2023-01-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Jan/24 | Mailing List |
|
| https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c | Third Party Advisory | |
| https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://security.humanativaspa.it/nothing-new-under-the-sun | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opengroup Search vendor "Opengroup" | Common Desktop Environment Search vendor "Opengroup" for product "Common Desktop Environment" | 1.6 Search vendor "Opengroup" for product "Common Desktop Environment" and version "1.6" | - |
Affected
| ||||||