
Technical Background: How to manages a CDE session? The dtsession command provides session management functionality, compliant with ICCCM 1.1, during a user session, from login to logout. It starts a window manager and allows users to save a session, restore a session, lock a session, start screen savers, and allocate colors for desktop-compatible clients.
Vulnerability details: A buffer overflow in the CheckMonitor() function in the Common Desktop. It allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file (CVE-2020-2696).
- All Official Ubuntu variants 12.04 – 18.04
- Debian 6, 7, 8, 9
- Fedora 17 at least
- Archlinux
- Red Hat
- Slackware 14.0
- OpenBSD
- NetBSD
- FreeBSD 9.2, 10.x, 11.x
- openSUSE Tumbleweed (gcc7)
- openSUSE Leap 4.2 (gcc4)
- SUSE 12 SP3 (gcc4)
- Solaris, OpenIndiana
Remedy: The open source CDE 2.x version have issued the following patches for this vulnerability:
https://sourceforge.net/p/cdesktopenv/mailman/message/36900154/
https://sourceforge.net/p/cdesktopenv/code/ci/6b32246d06ab16fd7897dc344db69d0957f3ae08/