qnx neutrino rtos vulnerabilities and exploits

(subscribe to this query)

5.4

CVSSv2

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS up to and including 6.5.0 SP1 in the QNX Software Development Platform allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868...

Blackberry Qnx Neutrino Rtos 6.5.0 Blackberry Qnx Neutrino Rtos 6.4.1 Blackberry Qnx Software Development Platform -Blackberry Qnx Neutrino Rtos

3.5

CVSSv2

Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows malicious users to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.

Qnx Neutrino Rtos 6.2.0 Qnx Photon Microgui Qnx Neutrino Rtos 6.1.0

7.2

CVSSv2

/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.

Blackberry Qnx Neutrino Rtos 6.4.1 Blackberry Qnx Neutrino Rtos 6.5.0

2 EDB exploits

4.9

CVSSv2

/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.

Blackberry Qnx Neutrino Rtos 6.5.0 Blackberry Qnx Neutrino Rtos 6.4.1

1 EDB exploit

3.3

CVSSv2

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

Qnx Neutrino Rtos 6.5.0

4.6

CVSSv2

Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).

Qnx Neutrino Rtos 6.3.0

7.8

CVSSv2

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS up to and including 6.5.0 SP1 and (2) QNX Momentics Tool Suite up to and including 6.5.0 SP1 in the QNX Software Development Platform allows remote malicious users to cause a denial of ...

Blackberry Qnx Momentics Tool Suite 6.5.0 Blackberry Qnx Momentics Tool Suite 4.7 Blackberry Qnx Momentics Tool Suite 4.6 Blackberry Qnx Momentics Tool Suite 4.5 Blackberry Qnx Neutrino Rtos 6.5.0 Blackberry Qnx Neutrino Rtos Blackberry Qnx Neutrino Rtos 6.4.1 Blackberry Qnx Software Development Platform -Blackberry Qnx Momentics Tool Suite

6.2

CVSSv2

Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.

Qnx Rtos 6.2.1a Qnx Rtos 6.2.1b Qnx Rtos 6.2.1

1 EDB exploit

4.6

CVSSv2

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample ...

Blackberry Qnx Neutrino Real-time Operating System 4.25

3 EDB exploits

6.9

CVSSv2

Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8)...

Qnx Rtos 6.2 Qnx Rtos 6.2a

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook