Vulnerabilites related to blackberry - qnx_neutrino_rtos
cve-2014-2533
Vulnerability from cvelistv5
Published
2014-03-18 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Mar/124 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/45575/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/bugtraq/2014/Mar/66 | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2014/Mar/98 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/bugtraq/2014/Mar/88 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.exploit-db.com/exploits/32153/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2533",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2688
Vulnerability from cvelistv5
Published
2013-07-12 16:00
Modified
2024-09-16 19:05
Severity ?
EPSS score ?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/qnxph_1-adv.txt | x_refsource_MISC | |
| http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01 | x_refsource_MISC | |
| http://www.qnx.com/download/feature.html?programid=24850 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2688",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:19.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2687
Vulnerability from cvelistv5
Published
2013-07-12 16:00
Modified
2024-09-17 03:33
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/qnxph_1-adv.txt | x_refsource_MISC | |
| http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01 | x_refsource_MISC | |
| http://www.qnx.com/download/feature.html?programid=24850 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2534
Vulnerability from cvelistv5
Published
2014-03-18 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/32156/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2014/Mar/124 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/bugtraq/2014/Mar/66 | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2014/Mar/98 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/bugtraq/2014/Mar/88 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-28T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2534",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-12 16:56
Modified
2024-11-21 01:52
Severity ?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | - | |
| blackberry | qnx_neutrino_rtos | * | |
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo mediante una serie de paquetes manipulados sobre el puerto TCP 4868, que provoca una gesti\u00f3n inadecuada del fichero /dev/photon"
}
],
"id": "CVE-2013-2688",
"lastModified": "2024-11-21T01:52:10.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-12T16:56:12.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 05:18
Modified
2024-11-21 02:06
Severity ?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "39364705-D046-4BA2-9BFF-ACF2F75EC209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
},
{
"lang": "es",
"value": "/sbin/pppoectl en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de l\u00edneas \"bad parameter\" en mensajes de error, tal y como fue demostrado por la lectura del hash de contrase\u00f1a root en /etc/shadow.\n\n"
}
],
"id": "CVE-2014-2534",
"lastModified": "2024-11-21T02:06:29.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T05:18:19.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32156/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 05:18
Modified
2024-11-21 02:06
Severity ?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "39364705-D046-4BA2-9BFF-ACF2F75EC209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
},
{
"lang": "es",
"value": "/sbin/ifwatchd en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales ganar privilegios proporcionando un nombre de programa arbitrario como un argumento de l\u00ednea de comandos."
}
],
"id": "CVE-2014-2533",
"lastModified": "2024-11-21T02:06:29.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T05:18:19.143",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32153/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32153/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45575/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-12 16:55
Modified
2024-11-21 01:52
Severity ?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics_tool_suite | * | |
| blackberry | qnx_momentics_tool_suite | 4.5 | |
| blackberry | qnx_momentics_tool_suite | 4.6 | |
| blackberry | qnx_momentics_tool_suite | 4.7 | |
| blackberry | qnx_momentics_tool_suite | 6.5.0 | |
| blackberry | qnx_software_development_platform | - | |
| blackberry | qnx_neutrino_rtos | * | |
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1F184BC9-8E64-4976-8E3A-F6FF4C1593DB",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A796624B-7F7A-4A92-B83E-D592096B9753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "97DA1B48-77C6-4C30-816E-B0BC2FEF3401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "856700E9-717A-4CE1-A451-23090ACC0A56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7819F1A5-3519-4EEF-895D-B76A452BD4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de paquetes sobre el puerto TCP 4868 manipulados."
}
],
"id": "CVE-2013-2687",
"lastModified": "2024-11-21T01:52:10.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-12T16:55:01.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}