11 lines
No EOL
837 B
Text
11 lines
No EOL
837 B
Text
source: https://www.securityfocus.com/bid/16539/info
|
|
|
|
QNX is susceptible to multiple local vulnerabilities. These issues include multiple buffer-overflow vulnerabilities, a format-string vulnerability, an insecure library-path vulnerability, insecure default-directory-permission vulnerability, and a denial-of-service vulnerability.
|
|
|
|
These issues allow local attackers to execute arbitrary machine code and commands with superuser privileges, facilitating the complete compromise of affected computers. Attackers may also crash affected computers, denying service to legitimate users.
|
|
|
|
QNX version 6.2.0, 6.2.1, and 6.3 are affected by these issues; earlier versions may also be affected.
|
|
|
|
To exploit the denial-of-service vulnerability, the following command is reportedly sufficient:
|
|
|
|
echo -e "break *0xb032d59fnrncontncont" | gdb gdb |