CVE-2014-2534 – QNX 6.4.x/6.5.x pppoectl - Information Disclosure
https://notcve.org/view.php?id=CVE-2014-2534
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow. /sbin/pppoectl en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales obtener información sensible mediante la lectura de líneas "bad parameter" en mensajes de error, tal y como fue demostrado por la lectura del hash de contraseña root en /etc/shadow. • https://www.exploit-db.com/exploits/32156 http://seclists.org/bugtraq/2014/Mar/66 http://seclists.org/bugtraq/2014/Mar/88 http://seclists.org/fulldisclosure/2014/Mar/124 http://seclists.org/fulldisclosure/2014/Mar/98 http://www.exploit-db.com/exploits/32156 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-2533 – ifwatchd - Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-2533
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. /sbin/ifwatchd en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales ganar privilegios proporcionando un nombre de programa arbitrario como un argumento de línea de comandos. • https://www.exploit-db.com/exploits/45575 https://www.exploit-db.com/exploits/32153 http://seclists.org/bugtraq/2014/Mar/66 http://seclists.org/bugtraq/2014/Mar/88 http://seclists.org/fulldisclosure/2014/Mar/124 http://seclists.org/fulldisclosure/2014/Mar/98 http://www.exploit-db.com/exploits/32153 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-2687
https://notcve.org/view.php?id=CVE-2013-2687
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868. Desbordamiento de búfer basado en pila en la función bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicacion) o posiblemente ejecutar código a través de paquetes sobre el puerto TCP 4868 manipulados. • http://aluigi.altervista.org/adv/qnxph_1-adv.txt http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01 http://www.qnx.com/download/feature.html?programid=24850 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2688
https://notcve.org/view.php?id=CVE-2013-2688
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file. Desbordamiento de búfer en BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código mediante una serie de paquetes manipulados sobre el puerto TCP 4868, que provoca una gestión inadecuada del fichero /dev/photon • http://aluigi.altervista.org/adv/qnxph_1-adv.txt http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01 http://www.qnx.com/download/feature.html?programid=24850 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •