A difficult-to-exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order…
A difficult-to-exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local…
Since I moved from Solaris 11 to audit Solaris 10, my weekend project has become much more fun... As you already know if you are a reader of this blog,…
During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack…
A low-impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact…
As previously mentioned, INFILTRATE left me with the will to hack stuff and enjoy it like it was 1999. That's why I decided to take a closer look at Solaris…
2019 marks 20 years of my professional career in information security. What better way to celebrate this milestone than to give a talk at INFILTRATE? For those who are not…
A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to…