ASA-2019-00575 – Oracle Solaris: Local privilege escalation via xscreensaver


Allele Security Alert

ASA-2019-00575

Identifier(s)

ASA-2019-00575, CVE-2019-3010

Title

Local privilege escalation via xscreensaver

Vendor(s)

Oracle

Product(s)

Oracle Solaris

Affected version(s)

Oracle Solaris 11.x versions before Critical Patch Update (CPU) of October 2019

Fixed version(s)

Oracle Solaris 11 versions with Critical Patch Update (CPU) of October 2019

Proof of concept

Yes

Description

There’s a design error vulnerability in xscreensaver, as distributed with Solaris 11.x. This vulnerability allows local attackers to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root.

Technical details

Unknown

Credits

Marco Ivaldi (Media Service)

Reference(s)

CVE-2019-3010 – Local privilege escalation on Solaris 11.x via xscreensaver
https://techblog.mediaservice.net/2019/10/local-privilege-escalation-on-solaris-11-x-via-xscreensaver/

Oracle Critical Patch Update Advisory – October 2019
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Solaris 11.x LPE via xscreensaver
https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver

CVE-2019-3010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3010

CVE-2019-3010
https://nvd.nist.gov/vuln/detail/CVE-2019-3010

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 17, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.