CVE-2022-43752 - OpenCVE

Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Solaris
Common Desktop Environment Project	Common Desktop Environment

Configuration 1 [-]

AND

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:a:common_desktop_environment_project:_common_desktop_environment:-:*:*:*:*:*:*:*

References

Link	Resource
http://phrack.org/issues/70/13.html#article	Exploit Issue Tracking Technical Description Third Party Advisory
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-31T00:00:00

Updated: 2022-10-31T00:00:00

Reserved: 2022-10-26T00:00:00

Link: CVE-2022-43752

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-31T21:15:13.363

Modified: 2024-05-17T02:14:39.660

Link: CVE-2022-43752

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:common_desktop_environment_project:_common_desktop_environment:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C8AA20C-4CA7-40EA-8FCE-DA39D8E29E38", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Oracle Solaris versi\u00f3n 10 1/13, cuando se utiliza Common Desktop Environment (CDE), es vulnerable a una vulnerabilidad de escalada de privilegios. Un usuario con pocos privilegios puede escalar a root creando una impresora maliciosa y haciendo doble clic en el \u00edcono de la impresora creada."}], "id": "CVE-2022-43752", "lastModified": "2024-05-17T02:14:39.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-31T21:15:13.363", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Technical Description", "Third Party Advisory"], "url": "http://phrack.org/issues/70/13.html#article"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}