From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Wed, 18 Jan 2023 09:48:38 +0100
Dear Full Disclosure, Find attached a security advisory that details multiple vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif libXm, and X.Org libXpm. * Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm * Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15 * OS: Oracle Solaris 10 (CPU January 2021) * Author: Marco Ivaldi <marco.ivaldi () hnsecurity it> * Date: 2023-01-18 * Oracle vulnerability tracking numbers: * S1597707 - Arbitrary printer name injection * S1597724 - Heap memory disclosure via long printer names * S1597711 - Memory corruption via malformed icon files * S1597730 - Stack-based buffer overflow in libXm ParseColors * CVE IDs: * CVE-2022-46285 - Infinite loop on unclosed comments in Xorg libXpm * Advisory URLs: * https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt * https://lists.x.org/archives/xorg-announce/2023-January/003312.html * https://lists.x.org/archives/xorg-announce/2023-January/003313.html * Exploit URLs: * https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c For additional information, please refer to our vulnerability writeup: https://security.humanativaspa.it/nothing-new-under-the-sun/ PS. No, HNS-2022-01 is not a typo. Check out the disclosure timeline in the advisory and you'll understand why we used this label. Regards, -- Marco Ivaldi https://0xdeadbeef.info/ "When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
Attachment:
HNS-2022-01-dtprintinfo.txt
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- HNS-2022-01 – HN Security Advisory – Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Marco Ivaldi (Jan 19)