Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

On Wed, Jan 18, 2023 at 9:48 AM Marco Ivaldi <rap...@0xdeadbeef.info> wrote:
>
> Dear Full Disclosure,
>
> Find attached a security advisory that details multiple
> vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
> libXm, and X.Org libXpm.
>
> * Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
> * Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
> * OS: Oracle Solaris 10 (CPU January 2021)
> * Author: Marco Ivaldi <marco.iva...@hnsecurity.it>
> * Date: 2023-01-18
> * Oracle vulnerability tracking numbers:
>   * S1597707 - Arbitrary printer name injection
>   * S1597724 - Heap memory disclosure via long printer names
>   * S1597711 - Memory corruption via malformed icon files
>   * S1597730 - Stack-based buffer overflow in libXm ParseColors
> * CVE IDs:
>   * CVE-2022-46285 - Infinite loop on unclosed comments in Xorg libXpm
> * Advisory URLs:
>   * https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt
>   * https://lists.x.org/archives/xorg-announce/2023-January/003312.html
>   * https://lists.x.org/archives/xorg-announce/2023-January/003313.html
> * Exploit URLs:
>   * https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c
>
> For additional information, please refer to our vulnerability writeup:
> https://security.humanativaspa.it/nothing-new-under-the-sun/
>
> PS. No, HNS-2022-01 is not a typo. Check out the disclosure timeline
> in the advisory and you'll understand why we used this label.

--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/