QNX PPPoEd Local Buffer Overflow Vulnerability

vendor:

PPPoEd

by:

Unknown

7.5

CVSS

HIGH

Local Buffer Overflow

119

CWE

Product Name: PPPoEd

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:qnx:pppoed

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

QNX PPPoEd Local Buffer Overflow Vulnerability

QNX PPPoEd is prone to multiple local buffer overflow vulnerabilities. The issues occur when handling certain command line arguments greater than 256 bytes in length. By corrupting crucial variables, an attacker can control program execution flow and execute arbitrary instructions in the context of the superuser.

Mitigation:

It is recommended to update QNX PPPoEd to a patched version or apply appropriate security measures to mitigate the risk of buffer overflow vulnerabilities.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11104/info

QNX PPPoEd is reported to be prone to multiple local buffer overflow vulnerabilities. The issues presents themselves when PPPoEd handles certain command line arguments that are greater than 256 bytes in length.

Because variables that are crucial to controlling program execution flow for PPPoEd are stored adjacent to the affected buffers, an attacker may corrupt these values and influence PPPoEd program execution flow into attacker-controlled memory. Ultimately this may lead to the execution of arbitrary instructions in the context of the superuser.

$ export overflow256='AAAAAAAAAAAAAAA(...)' (around 256 A's)
$ /usr/bin/pppoed -F $overflow256
Memory fault (core dumped)
$ /usr/bin/pppoed service=$overflow256
Memory fault (core dumped)