Posts by: Marco Ivaldi (aka raptor)
CVE-2020-2851 – Stack-based buffer overflow in CDE libDtSvc
A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local…
CVE-2020-2944 – Local privilege escalation via CDE sdtcm_convert
Since I moved from Solaris 11 to audit Solaris 10, my weekend project has become much more fun... As you already know if you are a reader of this blog,…
CVE-2020-7247 exploit: LPE and RCE in OpenBSD’s OpenSMTPD
I've written an exploit for the local privilege escalation and remote command execution vulnerability in OpenBSD's OpenSMTPD recently reported by Qualys as CVE-2020-7247: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as…
CVE-2020-2696 – Local privilege escalation via CDE dtsession
During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack…
CVE-2020-2656 – Low impact information disclosure via Solaris xlock
A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact…
CVE-2019-3010 – Local privilege escalation on Solaris 11.x via xscreensaver
As previously mentioned, INFILTRATE left me with the will to hack stuff and enjoy it like it was 1999. That's why I decided to take a closer look at Solaris…