what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

sms.185.cde
Posted Feb 11, 1999

Common Desktop Environment (CDE)

MD5 | 990e51c23f6333d1c7fba1c5e99f644e

Related Files

Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.

tags | exploit, overflow, arbitrary, local
systems | solaris
advisories | CVE-2020-2851
MD5 | c7348e1fb04cdcfdbe4ecfb089b5825b
Common Desktop Environment 1.6 Local Privilege Escalation
Posted Apr 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2944
MD5 | a52155188d9d9476faa2c94dc62f2069
Common Desktop Environment 2.3.1 Buffer Overflow
Posted Jan 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE is based on the original CDE 1.x train, which is different from the CDE 2.x codebase that was later open sourced. Most notably, the vulnerable buffer in the Oracle Solaris CDE is stack-based, while in the open source version it is heap-based.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
MD5 | f61714fa339de224c3899e225d64a420
SunOS 5.10 Generic_147148-26 Local Privilege Escalation
Posted Jan 15, 2020
Authored by Marco Ivaldi

SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
MD5 | 55c1e1683127ba3a3c82c35279e5e6db
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
Posted May 17, 2019
Authored by Marco Ivaldi

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2019-2832
MD5 | ea6e7c2d1a9b43266fe95e8a9d5cbc8a
Solaris EXTREMEPARR dtappgather Privilege Escalation
Posted Sep 25, 2018
Authored by Brendan Coles, Hacker Fantastic, Shadow Brokers | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the dtappgather executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11 which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the DTUSERSESSION environment variable. This Metasploit module creates a directory in /usr/lib/locale, writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the LC_TIME environment variable. This Metasploit module has been tested successfully on: Solaris 9u7 (09/04) (x86); Solaris 10u1 (01/06) (x86); Solaris 10u2 (06/06) (x86); Solaris 10u4 (08/07) (x86); Solaris 10u8 (10/09) (x86); Solaris 10u9 (09/10) (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2017-3622
MD5 | f10a9baa72d2639e9298d5dc6fb5e7c2
20040801_01_P.asc
Posted Aug 4, 2004

Two specific flaws may allow for local root exploit of systems with CDE (Common Desktop Environment) less than 5.3.4.

tags | advisory, local, root
advisories | CVE-2003-0834
MD5 | 91bc9abd5fc1b0b77c943346e7e8ffdf
CA-2002-26.tooltalk
Posted Aug 13, 2002
Site cert.org

CERT Advisory CA-2002-26 - The Common Desktop Environment (CDE) ToolTalk RPC database server contains a heap overflow vulnerability that could allows remote attackers to execute arbitrary code.

tags | remote, overflow, arbitrary
advisories | CVE-2002-0679
MD5 | 82c668c15b22cbde6c13d68197828cdc
iss.01-11-12.dtspcd
Posted Nov 12, 2001
Site xforce.iss.net

ISS discovered a buffer overflow vulnerability in the Subprocess Control Server (dtspcd) in all Unix variants running CDE (Common Desktop Environment) system. The vulnerability in the dtspcd daemon allows remote attackers to execute arbitrary commands on a target system as root. Many unix flavors are affected.

tags | remote, overflow, arbitrary, root
systems | unix
MD5 | beea66f63139c599a9961d27013d248f
sms.194.txt
Posted Mar 29, 2000
Site sunsolve.sun.com

Sun Microsystems Security Bulletin #194 - Sun announces the release of patches for Solaris 7 which relate to four vulnerabilities in BIND reported in CERT Advisory CA-99-14 which allow remote attackers to crash or degrade the performance of named.

tags | remote, vulnerability
systems | solaris
MD5 | 1770ef7d71d2935ecee7a51316bba060
sms.htm
Posted Feb 1, 2000
Site oliver.efri.hr

SMS 2.0 Remote Control (for Windows NT) introduces a security risk that will allow the attacker to run programs in system context, due to the fact that the executable used for the remote control service is copied to the workstation without any special permission settings to prevent a user from replacing the executable.

tags | exploit, remote
systems | windows, nt
MD5 | 939250f9f1bfa69849fd81cc78038d43
sms.193.ddos
Posted Jan 6, 2000

Sun Microsystems Advisory #193 - Distributed denial service tools.

MD5 | 5f6695af876d0c7f6c0dbee8c3dd35ab
sms.192.cde
Posted Dec 31, 1999

Sun Microsystems Security Bulletin #192 - Vulnerabilities in CDE and openwindows. Vulnerable versions include SunOS 5.7, 5.7_x86, 5.6, 5.6_x86, 5.5.1, 5.5, 5.4, 5.3, 4.1.4, and 4.1.3_U1. Vulnerable programs include the ToolTalk messaging utility, ttsession, CDE dtspcd, CDE dtaction, and the CDE ToolTalk shared library.

tags | vulnerability
systems | solaris
MD5 | 8872bf3eace3fc478f608f87350e82c6
sms.191.sadmind
Posted Dec 31, 1999

Sun Security Bulletin #191 - The sadmind program is installed by default on SunOS 5.7, 5.6, 5.5.1, and 5.5. In SunOS 5.4 and 5.3. A buffer overflow vulnerability has been discovered in sadmind which is exploited by a remote attacker to execute arbitrary instructions and gain root access.

tags | remote, overflow, arbitrary, root
systems | solaris
MD5 | 02753042def1c0264f885699fa83b094
sms.190.snoop
Posted Dec 14, 1999

Sun Microsystems Advisory #190 - Patch available for the overflow ISS discovered in Solaris snoop. The snoop program captures packets from the network and displays their contents. A buffer overflow vulnerability has been discovered which may be exploited by a remote attacker to execute arbitrary instructions and gain root access. The buffer overflow occurs when snoop analyzes certain types of large requests to the rquotad rpc service.

tags | remote, overflow, arbitrary, root
systems | solaris
MD5 | 8f63a75bbd5218249274cc0d8a158dbc
sms.170.rpc_nisd
Posted Sep 16, 1999

rpc.nisd

MD5 | 6bc80785daa5f16e50246951289b53f5
sms.114.loadmodule
Posted Sep 16, 1999

sms.114.loadmodule

MD5 | 8bfe167e3385dae8cc93ef32a026a8cd
sms.189.lc_messages
Posted Sep 16, 1999

LC_MESSAGES

MD5 | cf5bc55f324689483396c1dc8011a978
CA-99.11.CDE
Posted Sep 14, 1999

Multiple vulnerabilities have been identified in some distributions of the Common Desktop Environment (CDE).

tags | vulnerability
MD5 | 8a961138a00baf29495fb6d2db6f4966
CA-98.02.CDE
Posted Sep 14, 1999

This advisory reports several vulnerabilities in some implementations of the Common Desktop Environment (CDE).

tags | vulnerability
MD5 | 1715e2d5702647b8e0af1ae91c5f246e
sms.175.mailtool
Posted Sep 5, 1999

No information is available for this file.

MD5 | 1062aa089c9f7871fa0998fe3d22c6ff
sms.188.rpc_cmsd
Posted Sep 5, 1999

No information is available for this file.

MD5 | 404d8fcd1565d1c6d48a28d3e299b27e
sms.187.sendmail
Posted Jun 14, 1999

Version 8.8.8 Sendmail for SunOS(tm) 5.6 and 5.5.1

systems | solaris
MD5 | fcd21e3489d5baafe0a54bd9289b67ae
sms.186.rpc_statd
Posted Jun 14, 1999

rpc.statd

MD5 | 338ca01334fb30347ca779fe1f20b382
sms.184.man_catman
Posted Feb 11, 1999

man/catman

MD5 | d0fe552fe4c702161c3bd6dcecd1675a
Page 1 of 4
Back1234Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close