CVE-2020-2696 – Local privilege escalation via CDE dtsession

During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack surface of legacy code. Not too surprisingly, I found my … Continue reading CVE-2020-2696 – Local privilege escalation via CDE dtsession