ASA-2019-00575 – Oracle Solaris: Local privilege escalation via xscreensaver

Exploitation of a design error vulnerability in xscreensaver, as distributed with Solaris 11.x, allows local attackers to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root, as shown in the following screenshot.
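To hunt for use of this switch in process-execution telemetry, the following added example (not part of the original advisory) flags non-root xscreensaver invocations whose -log target resolves outside the invoking user's home directory. The `uid|home|command line` record format, the sample records and the function names are constructed for illustration, and relative targets are assumed to be relative to the user's home directory.

```python
import shlex
from pathlib import PurePosixPath

# Constructed sample records (not real audit output): "uid|home|command line"
SAMPLE_EXEC_LOG = """\
1001|/export/home/alice|/usr/bin/xscreensaver -nosplash
1002|/export/home/bob|/usr/bin/xscreensaver -log /export/home/bob/xss.log
1003|/export/home/carol|/usr/bin/xscreensaver -log /export/home/carol/../../../etc/example.conf
1004|/export/home/dave|xscreensaver -display :0 -log /var/example/target
1005|/export/home/erin|/usr/bin/vi -log /etc/example.conf
"""

def normalize(path, cwd):
    """Lexically resolve '..' so traversal cannot hide the real target (symlinks are not followed)."""
    parts = []
    for part in (PurePosixPath(cwd) / path).parts[1:]:  # an absolute path overrides cwd
        if part == "..":
            if parts:
                parts.pop()
        elif part != ".":
            parts.append(part)
    return PurePosixPath("/", *parts)

def log_target(argv):
    """Return the argument of xscreensaver's -log switch (spelling as in the advisory), or None."""
    if not argv or PurePosixPath(argv[0]).name != "xscreensaver":
        return None
    for i, arg in enumerate(argv[:-1]):
        if arg == "-log":
            return argv[i + 1]
    return None

def suspicious_invocations(log_text):
    """List (uid, resolved target) for non-root -log use that writes outside the user's home."""
    findings = []
    for line in log_text.splitlines():
        uid, home, cmdline = line.split("|", 2)
        target = log_target(shlex.split(cmdline))
        if target is None:
            continue
        resolved = normalize(target, home)
        inside_home = PurePosixPath(home) in (resolved, *resolved.parents)
        if uid != "0" and not inside_home:
            findings.append((int(uid), str(resolved)))
    return findings

if __name__ == "__main__":
    print(suspicious_invocations(SAMPLE_EXEC_LOG))
```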