CVE-2019-3010 – Local privilege escalation on Solaris 11.x via xscreensaver
As previously mentioned, INFILTRATE left me with the will to hack stuff and enjoy it like it was 1999. That’s why I decided to take a closer look at Solaris 11.4 and search for potential...
CVE-2020-2656 – Low impact information disclosure via Solaris xlock
A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that...
CVE-2020-2696 – Local privilege escalation via CDE dtsession
During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack surface of legacy...
CVE-2020-7799 – FusionAuth “Apache Freemarker” Code Execution
@Mediaservice.net Security Advisory #2020-03 (last updated on 2020-01-27) Title: FusionAuth command execution via Apache Freemarker Template Application: FusionAuth 1.10 and lower Platforms: Tested on...
CVE-2019-12180 – ReadyAPI & SoapUI command execution via malicious project file
In early 2019, I had to pentest a couple of SOAP WebServices of a client and, as usual, I asked them for some example requests as a baseline for my analysis. The client suggested using a SoapUI /...
CVE-2020-2944 – Local privilege escalation via CDE sdtcm_convert
Since I moved from Solaris 11 to audit Solaris 10, my weekend project has become much more fun… As you already know if you are a reader of this blog, at the beginning of November I started auditing...
CVE-2020-2851 – Stack-based buffer overflow in CDE libDtSvc
A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow...
CVE-2020-2771 – Heap-based buffer overflow in Solaris whodo and w commands
A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to...