FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

x11/cde -- Local privilege escalation via CDE dtsession

Affected packages
cde < 2.4.0

Details

VuXML ID 848bdd06-f93a-11eb-9f7d-206a8a720317
Discovery 2020-01-15
Entry 2021-08-09

Marco Ivaldi (marco.ivaldi () mediaservice net) reports:

A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

[source]

References

CVE Name CVE-2020-2696
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2696

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.