
CERT Coordination Center

Multiple buffer overflow vulnerabilities in QNX

Vulnerability Note VU#879386

Original Release Date: 2002-10-11 | Last Revised: 2003-08-05

Overview

Multiple buffer overflow vulnerabilities have been reported in QNX.

Description

QNX is a real-time operating system (RTOS). It is used in many different devices and industries, including, but not limited to:

    • Routers
    • Manufacturing and Processing
    • Medical Equipment
    • Automotive and Transportation
    • Military and Aerospace
    • Consumer Electronics
    • Industry Automation and Control

According to this vulnerability report, the following commands contain buffer overflow vulnerabilities:

/bin/du
/bin/find
/bin/lex
/bin/mkdir
/bin/rm
/bin/serserv
/bin/tcpserv
/bin/termdef
/bin/time
/bin/unzip
/bin/use
/bin/wcc
/bin/wcc386
/bin/wd
/bin/wdisasm
/bin/which
/bin/wlib
/bin/wlink
/bin/wpp
/bin/wpp386
/bin/wprof
/bin/write
/bin/wstrip

Impact

A local attacker may be able to execute arbitrary code.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Acknowledgements

Thanks to Egor Egorov for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: None
Severity Metric: 17.25
Date Public: 2002-06-12
Date First Published: 2002-10-11
Date Last Updated: 2003-08-05 18:42 UTC
Document Revision: 28

Sponsored by CISA.