When an attempt to connect to the Telindus router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP. The vendor has released firmware version 6.0.27, dated July 2002. Reports suggest that this firmware does not adequately protect against this vulnerability. The firmware is reported to use an encrypted UDP packet when connecting to the router. However, the firmware uses a weak encryption scheme and thus it is easily circumvented by an attacker.
A remote buffer overflow vulnerability has been reported in some versions of SHOUTCast Server. An authenticated DJ may supply oversized data to the server, which will then overflow a memory buffer. Execution of arbitrary code is reported to be possible.
Teekai's Tracking Online is vulnerable to Cross-Site Scripting attacks due to insufficient filtering of HTML tags from certain URL parameters. An attacker can exploit this vulnerability by crafting a malicious link to a vulnerable webpage, such as http://target/page.php?action=view&id=1<script>alert(document.cookie)</script>. When a user clicks on the link, the malicious script will be executed in the user's browser.
The QNX implementation of 'ptrace()' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit this issue to escalate privileges.
It has been reported that the pkg-installer utility for QNX is vulnerable to a buffer overflow condition. The vulnerability is a result of an unbounded string copy of the argument to the "-U" commandline option of pkg-installer to a local buffer.
The QNX phlocale utility is prone to an exploitable buffer overflow condition due to insufficient bounds checking of the ABLANG environment variable. Exploitation of this issue may result in execution of arbitrary attacker-supplied instructions as root.
The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges.
The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges.
The QNX RTOS debugging utility 'dumper' follows symbolic links and sets ownership of the file to the userid of the terminated process. This can be exploited by malicious local attackers to overwrite and gain ownership of arbitrary files, allowing them to elevate to root privileges by modifying files such as '/etc/passwd'.
It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. By sending a SIGSEGV signal to the 'su' process, an attacker can obtain a copy of the root user's password hash.
Services By CQR