Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qnx_rtos | Qnx | 4.25 (including) | 4.25 (including) |
References
- http://www.kb.cert.org/vuls/id/879386
- http://www.securityfocus.com/archive/1/276553
- http://www.securityfocus.com/bid/5000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9341
- http://www.kb.cert.org/vuls/id/879386
- http://www.securityfocus.com/archive/1/276553
- http://www.securityfocus.com/bid/5000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9341