/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qnx_neutrino_rtos | Blackberry | 6.4.1 (including) | 6.4.1 (including) |
| Qnx_neutrino_rtos | Blackberry | 6.5.0 (including) | 6.5.0 (including) |
| Qnx_neutrino_rtos | Blackberry | 6.5.0-sp1 (including) | 6.5.0-sp1 (including) |
References
- http://seclists.org/bugtraq/2014/Mar/66
- http://seclists.org/bugtraq/2014/Mar/88
- http://seclists.org/fulldisclosure/2014/Mar/124
- http://seclists.org/fulldisclosure/2014/Mar/98
- http://www.exploit-db.com/exploits/32153/
- https://www.exploit-db.com/exploits/45575/
- http://seclists.org/bugtraq/2014/Mar/66
- http://seclists.org/bugtraq/2014/Mar/88
- http://seclists.org/fulldisclosure/2014/Mar/124
- http://seclists.org/fulldisclosure/2014/Mar/98
- http://www.exploit-db.com/exploits/32153/
- https://www.exploit-db.com/exploits/45575/