Unrated severity · NVD Advisory · Published Jan 21, 2023 · Updated Aug 2, 2024

CVE-2023-24040

Description

dtprintinfo in CDE 1.6 allows local low-privileged users to inject printer names via $HOME/.printers, leading to memory disclosure on Solaris 10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

dtprintinfo in Common Desktop Environment (CDE) 1.6 contains a parsing flaw in the handling of output from the external command lpstat when listing available printers. The parser does not properly sanitize printer names read from the $HOME/.printers file. This allows low-privileged local users to inject arbitrary printer names into the output. The vulnerability affects CDE 1.6 on Solaris 10 systems. [1]

Exploitation

An attacker must have local access to the system and be able to write to the $HOME/.printers file. By crafting a malicious printer name containing special characters or control sequences, the attacker can manipulate the control flow of dtprintinfo. The injection occurs when dtprintinfo invokes lpstat and parses its output. No additional authentication or user interaction is required beyond the ability to write the file. [1]

Impact

Successful exploitation allows the attacker to disclose memory contents of the dtprintinfo process. This could lead to leakage of sensitive information. The vulnerability does not provide remote code execution or privilege escalation directly, but memory disclosure may aid further attacks. The impact is limited to information disclosure. [1]

Mitigation

The Common Desktop Environment 1.6 is no longer supported by the maintainer. As of the publication date (2023-01-21), no official patch is available. Users are advised to restrict local access to trusted users or disable dtprintinfo if possible. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. [1]

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Common Desktop Environment/Common Desktop Environment · description
  • Range: =1.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
