| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jan 2023 09:48:38 +0100
From: Marco Ivaldi <raptor@...eadbeef.info>
To: fulldisclosure@...lists.org
Subject: [FD] HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities
in Solaris dtprintinfo and libXm/libXpm
Dear Full Disclosure,
Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.
* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
* Date: 2023-01-18
* Oracle vulnerability tracking numbers:
* S1597707 - Arbitrary printer name injection
* S1597724 - Heap memory disclosure via long printer names
* S1597711 - Memory corruption via malformed icon files
* S1597730 - Stack-based buffer overflow in libXm ParseColors
* CVE IDs:
* CVE-2022-46285 - Infinite loop on unclosed comments in Xorg libXpm
* Advisory URLs:
* https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt
* https://lists.x.org/archives/xorg-announce/2023-January/003312.html
* https://lists.x.org/archives/xorg-announce/2023-January/003313.html
* Exploit URLs:
* https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c
For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/nothing-new-under-the-sun/
PS. No, HNS-2022-01 is not a typo. Check out the disclosure timeline
in the advisory and you'll understand why we used this label.
Regards,
--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
View attachment "HNS-2022-01-dtprintinfo.txt" of type "text/plain" (28414 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists