QNX RTOS Unspecified Bug Lets Local Users Deny Service and 'rc.local' Configuration Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1015598 |
|
SecurityTracker URL: http://securitytracker.com/id/1015598
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 8 2006
|
Impact:
Denial of service via local system, Root access via local system
|
|
Version(s): 6.3.0
|
Description:
iDEFENSE reported two vulnerabilities in QNX RTOS. A local user can obtain root privileges. A local user can cause denial of service conditions.
The '/etc/rc.d/rc.local' file is configured with world writable permissions. A local user can modify this file to cause arbitrary commands to be executed with root privileges when the system is started.
A local user can execute the following command to cause the operating system to hang:
echo -e "break *0xb032d59fnrncontncont" | gdb gdb
The vendor was notified on December 23 and December 24, 2004, without response.
The original advisories are available at:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=386
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387
|
Impact:
A local user can gain root privileges.
A local user can cause the system to hang.
|
Solution:
No solution was available at the time of this entry.
As a workaround, the report indicates that you can set more restrictive permissions on the rc.local file:
chmod 644 /etc/rc.d.rc.local
|
Vendor URL: www.qnx.com/ (Links to External Site)
|
Cause:
Configuration error, Exception handling error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 8 Feb 2006 00:59:15 -0500
Subject: QNX RTOS 6.3.0 vulnerabilities
|
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=386
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387
|
|
