I've written an exploit for the local privilege escalation and remote command execution vulnerability in OpenBSD's OpenSMTPD recently reported by Qualys as CVE-2020-7247: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as…
During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack…
A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact…
As previously mentioned, INFILTRATE left me with the will to hack stuff and enjoy it like it was 1999. That's why I decided to take a closer look at Solaris…
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. (CVE-2019-10149) I have…
A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to…
I was investigating another 0day, when I noticed that Solaris 11 is also affected by the recent Xorg local privilege escalation vulnerability (CVE-2018-14665). For a number of reasons, finding a…
This is my take on the recent Xorg vulnerability (CVE-2018-14665): "A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg.…
