module
Solaris xscreensaver log Privilege Escalation
| Disclosed |
|---|
| Oct 16, 2019 |
Disclosed
Oct 16, 2019
Description
This module exploits a vulnerability in `xscreensaver` versions
since 5.06 on unpatched Solaris 11 systems which allows users
to gain root privileges.
`xscreensaver` allows users to create a user-owned file at any
location on the filesystem using the `-log` command line argument
introduced in version 5.06.
This module uses `xscreensaver` to create a log file in `/usr/lib/secure/`,
overwrites the log file with a shared object, and executes the shared
object using the `LD_PRELOAD` environment variable.
This module has been tested successfully on:
xscreensaver version 5.15 on Solaris 11.1 (x86); and
xscreensaver version 5.15 on Solaris 11.3 (x86).
since 5.06 on unpatched Solaris 11 systems which allows users
to gain root privileges.
`xscreensaver` allows users to create a user-owned file at any
location on the filesystem using the `-log` command line argument
introduced in version 5.06.
This module uses `xscreensaver` to create a log file in `/usr/lib/secure/`,
overwrites the log file with a shared object, and executes the shared
object using the `LD_PRELOAD` environment variable.
This module has been tested successfully on:
xscreensaver version 5.15 on Solaris 11.1 (x86); and
xscreensaver version 5.15 on Solaris 11.3 (x86).
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.