vendor:
QNX
by:
SecurityFocus
7.2
CVSS
HIGH
Buffer-overflow, Format-string, Insecure library-path, Insecure default-directory-permission, Denial-of-Service
N/A
CWE
Product Name: QNX
Affected Version From: 6.2.2000
Affected Version To: 6.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
QNX Multiple Local Vulnerabilities
QNX is susceptible to multiple local vulnerabilities. These issues include multiple buffer-overflow vulnerabilities, a format-string vulnerability, an insecure library-path vulnerability, insecure default-directory-permission vulnerability, and a denial-of-service vulnerability. These issues allow local attackers to execute arbitrary machine code and commands with superuser privileges, facilitating the complete compromise of affected computers. Attackers may also crash affected computers, denying service to legitimate users. To exploit the denial-of-service vulnerability, the following command is reportedly sufficient: echo -e "break *0xb032d59fnrncontncont" | gdb gdb
Mitigation:
Upgrade to the latest version of QNX
