|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
QNX Neutrino RTOS contains a flaw that may allow a local attacker to elevate their privileges. The issue is due to the improper handling of environment variables in the libAP library (used by any PhAB-generated application). The libph system library (libAP.so.2) does not check the bounds on user-supplied input to the ABLPATH environment variable allowing a user to overflow the _ApFindTranslationFile() function, which will execute arbitrary code under the privilege of the utility calling the library. Since many of the applications linked against libAP.so.2 are SUID, there are many vectors for using this to leverage privileged access.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Rumored / Private
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the setuid bit from any programs linked to the libAP.so.2 library
|
|
Products |
|
QNX Neutrino RTOS
 |
6.3.0 |
|
|
|
|
Credit |
- Filipe Balestra - filipe
 balestra.com.br -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
