-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I have identified multiple security vulnerabilities that are exploitable via the the setuid-root dtprintinfo binary from the Common Desktop Environment (CDE) distributed with Oracle Solaris 10. I demonstrated the possibility to chain together a printer name injection bug in dtprintinfo and a stack-based buffer overflow in libXm to achieve local privilege escalation to root on a fully-patched Solaris 10 system. The exploit is available at https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c.
Oracle won't be releasing patches. See https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt for additional details.