Vulnerability CVE-2006-0619


Published: 2006-02-08   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2) or (3) a long PHOTON_PATH environment variable to the setitem function in the libph library.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
QNX -> RTOS 

 References:
http://xforce.iss.net/xforce/xfdb/24558
http://xforce.iss.net/xforce/xfdb/24557
http://www.vupen.com/english/advisories/2006/0474
http://www.securityfocus.com/bid/16539
http://www.osvdb.org/22965
http://www.osvdb.org/22964
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=382
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=381
http://securitytracker.com/id?1015599
http://secunia.com/advisories/18750

Copyright 2024, cxsecurity.com

 

Back to Top