CVE-2023-24039

Published: 21 Jan 2023
Source: redhat
CVSS3: 8.1

Description

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

A flaw was found in libXm, a library distributed by the motif package. A specially crafted XPM file with long color strings can lead to a stack-based buffer overflow in the ParseColors function due to the unsafe use of the strcat function, resulting in privilege escalation.

Report

The libXm library as distributed by the motif package in Red Hat Enterprise Linux 7, 8 and 9 is not affected by this vulnerability because the unsafe strcat function call was already replaced with a safer function call in previous updates. The dtprintinfo setuid binary is not distributed with Red Hat Enterprise Linux and Red Hat never provided support for CDE (Common Desktop Environment). See https://access.redhat.com/solutions/5547801 for more information.

Affected packages

Platform                      Package   State          Recommendation   Release
Red Hat Enterprise Linux 7    motif     Not affected
Red Hat Enterprise Linux 8    motif     Not affected
Red Hat Enterprise Linux 9    motif     Not affected

Additional information

Status: Important
Defect: CWE-121
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2163813 (motif: libXm: stack-based buffer overflow in ParseColors())
CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 7.8
Source: nvd
about 3 years ago

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 7.8
Source: github
about 3 years ago

** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.