Message-ID: <CAM+3YVpTzrvZu0NPt-0TMu9Q1BzJtYPpu__n_a16=2ThK_h28Q@mail.gmail.com>
Date: Sat, 21 Jan 2023 07:58:25 +0100
From: Marco Ivaldi <raptor@...eadbeef.info>
To: fulldisclosure@...lists.org
Subject: Re: [FD] HNS-2022-01 - HN Security Advisory - Multiple
 vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

On Wed, Jan 18, 2023 at 9:48 AM Marco Ivaldi <raptor@...eadbeef.info> wrote:
>
> Dear Full Disclosure,
>
> Find attached a security advisory that details multiple
> vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
> libXm, and X.Org libXpm.
>
> * Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
> * Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
> * OS: Oracle Solaris 10 (CPU January 2021)
> * Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
> * Date: 2023-01-18
> * Oracle vulnerability tracking numbers:
>   * S1597707 - Arbitrary printer name injection
>   * S1597724 - Heap memory disclosure via long printer names
>   * S1597711 - Memory corruption via malformed icon files
>   * S1597730 - Stack-based buffer overflow in libXm ParseColors
> * CVE IDs:
>   * CVE-2022-46285 - Infinite loop on unclosed comments in Xorg libXpm
> * Advisory URLs:
>   * https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt
>   * https://lists.x.org/archives/xorg-announce/2023-January/003312.html
>   * https://lists.x.org/archives/xorg-announce/2023-January/003313.html
> * Exploit URLs:
>   * https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c
>
> For additional information, please refer to our vulnerability writeup:
> https://security.humanativaspa.it/nothing-new-under-the-sun/
>
> PS. No, HNS-2022-01 is not a typo. Check out the disclosure timeline
> in the advisory and you'll understand why we used this label.

-- 
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
