QNX Neutrino RTOS su First Parameter Local Overflow

2006-02-07T08:02:54
ID OSVDB:22961
Type osvdb
Reporter Texonet()
Modified 2006-02-07T08:02:54

Description

Vulnerability Description

A local overflow exists in QNX Neutrino RTOS. The 'su' binary fails to properly check user-supplied input as the first argument to the program resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code with root priveleges.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: restrict access to the su binary

Short Description

A local overflow exists in QNX Neutrino RTOS. The 'su' binary fails to properly check user-supplied input as the first argument to the program resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code with root priveleges.

References:

Vendor URL: http://www.qnx.com/products/rtos/ Security Tracker: 1015599 Secunia Advisory ID:18750 Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=385 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0120.html ISS X-Force ID: 24554 FrSIRT Advisory: ADV-2006-0474 CVE-2006-0621