FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

x11/cde -- Local privilege escalation via CDE dtsession

Affected packages
cde < 2.4.0


VuXML ID 848bdd06-f93a-11eb-9f7d-206a8a720317
Discovery 2020-01-15
Entry 2021-08-09

Marco Ivaldi (marco.ivaldi () mediaservice net) reports:

A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.


CVE Name CVE-2020-2696