
Rewterz Threat Advisory – Multiple Oracle Systems Solaris Common Desktop Environment Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-24040 CVSS:7.1

Oracle Systems could allow a local authenticated attacker to bypass security restrictions, caused by a bug in the parser of lpstat in dtprintinfo when using the Common Desktop Environment (CDE). By using the $HOME/.printers file, an attacker could exploit this vulnerability to inject arbitrary printer names and manipulate the control flow and disclose memory contents on Solaris 10 systems.

CVE-2023-24039 CVSS:7.8

Oracle Systems Solaris is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ParseColors in libXm when using the Common Desktop Environment (CDE). By using the dtprintinfo setuid binary, a local authenticated attacker could exploit this vulnerability to escalate their privileges to root on Solaris 10 systems.
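
Both issues share the same defender-relevant shape: a setuid-root CDE binary (dtprintinfo) that parses a user-writable input file ($HOME/.printers). The following audit script is an added example, not code from the Rewterz advisory or from Oracle. It assumes dtprintinfo is installed at /usr/dt/bin/dtprintinfo (the standard CDE location; override with the DTPRINTINFO environment variable) and treats .printers as whitespace-separated printer-name tokens with '#' comment lines. It reports whether the binary is still setuid on the host and flags any printer-name token that contains characters a legitimate name never needs.

```shell
#!/bin/sh
# Added audit helper for the two CDE issues above. Illustrative code, not from
# the Rewterz advisory or from Oracle. Assumptions (adjust for your build):
# dtprintinfo lives at /usr/dt/bin/dtprintinfo, and $HOME/.printers is read as
# whitespace-separated printer-name tokens with '#' comment lines.

DTPRINTINFO="${DTPRINTINFO:-/usr/dt/bin/dtprintinfo}"

# 0 if FILE exists and has the setuid bit, 1 otherwise.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print the owner name of FILE (third column of ls -ld).
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Print "LINE:TOKEN" for every token in a .printers-style file whose name uses
# characters outside the conservative set [A-Za-z0-9_.-]. A real printer name
# never needs shell metacharacters, quotes or control bytes, so anything
# flagged here deserves a look before a setuid parser ever reads it.
suspicious_printer_tokens() {
    awk '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i !~ /^[A-Za-z0-9_.-]+$/)
                    printf "%d:%s\n", NR, $i
        }' "$1"
}

# Run both checks against one binary path and one home directory.
audit_host() {
    bin="$1"
    pf="$2/.printers"
    if [ ! -f "$bin" ]; then
        echo "INFO: $bin not present (CDE not installed, or installed elsewhere)"
    elif has_setuid_bit "$bin"; then
        echo "NOTE: $bin is setuid (owner: $(owner_of "$bin")); confirm the Oracle CPU fix is applied"
    else
        echo "OK: $bin is not setuid"
    fi
    if [ ! -f "$pf" ]; then
        echo "INFO: no $pf"
        return 0
    fi
    found=$(suspicious_printer_tokens "$pf")
    if [ -n "$found" ]; then
        echo "WARN: unexpected printer-name tokens in $pf:"
        echo "$found"
    else
        echo "OK: $pf contains only plain printer names"
    fi
    return 0
}

# Run the token check against a constructed sample .printers file and print
# what it flags; line 4 holds a deliberately malformed name ("evil;name").
demo_sample_printers() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' '_default lp1' 'lp1 lp2' 'evil;name lp3' > "$d/.printers"
    suspicious_printer_tokens "$d/.printers"
    rm -rf "$d"
}

audit_host "$DTPRINTINFO" "${HOME:-/}"
demo_sample_printers
```

Run it as each interactive user (or loop audit_host over the home directories in /export/home) on a Solaris 10 host. A setuid dtprintinfo is expected on an unpatched system; the point of the first check is to confirm, after applying the Oracle Critical Patch Update, that the binary is the patched one or that the setuid bit has been dropped as an interim workaround. The token scan is a cheap tamper check on the one user-controlled input both CVEs go through.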

Impact

  • Security Bypass
  • Buffer Overflow

Indicators Of Compromise

CVE

  • CVE-2023-24040
  • CVE-2023-24039

Affected Vendors

Oracle

Affected Products

  • Oracle Solaris 10

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Web Site