CVE-2020-2696
Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in CDE dtsession in Oracle Solaris 10 allows a local low-privileged attacker to escalate privileges and take over the system.
Vulnerability
A buffer overflow vulnerability exists in the CheckMonitor() function of the Common Desktop Environment (CDE) dtsession binary as distributed with Oracle Solaris 10. The affected CDE versions are 2.3.1 and earlier, and 1.6 and earlier. [1]
Exploitation
A low-privileged attacker with local logon to the system can exploit this vulnerability with low complexity. No user interaction or additional privileges beyond initial logon are required. The attack vector is local. [1]
Impact
Successful exploitation can result in full takeover of Oracle Solaris, impacting confidentiality, integrity, and availability with high severity. The attack may also affect other products due to the scope change (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). [1]
Mitigation
Oracle addressed this vulnerability in the Critical Patch Update (CPU) of January 2020. Users should apply the security patch provided by Oracle. No workaround is available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10
- Oracle Corporation/Solaris Operating System (v5), Range: 10
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html (mitre; x_refsource_MISC)
- packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html (mitre; x_refsource_MISC)
- seclists.org/fulldisclosure/2020/Jan/24 (mitre; mailing-list; x_refsource_FULLDISC)
- www.openwall.com/lists/oss-security/2020/01/20/2 (mitre; mailing-list; x_refsource_MLIST)
- seclists.org/bugtraq/2020/Jan/22 (mitre; mailing-list; x_refsource_BUGTRAQ)
- www.oracle.com/security-alerts/cpujan2020.html (mitre; x_refsource_MISC)