Re: [FD] local privilege escalation via CDE dtprintinfo

2019-07-18 Thread Marco Ivaldi
Hi, Just a quick follow-up to my original advisory. The CVE name CVE-2019-2832 has been assigned to the vulnerability and Oracle has released a patch in its July 2019 CPU. Further information is available at:

[FD] local privilege escalation via CDE dtprintinfo

2019-05-17 Thread Marco Ivaldi
Dear Full Disclosure, Please find attached an advisory for the following vulnerability: A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to