{"vuid":"VU#879386","idnumber":"879386","name":"Multiple buffer overflow vulnerabilities in QNX","keywords":["qnx"],"overview":"Multiple buffer overflow vulnerabilities have been reported in QnX.","clean_desc":"QnX is an RTOS (Realtime Operating System). QnX is used in many different devices and industries, including, but not limited to, Routers\nManufacturing and Processing \nMedical Equipment\nAutomotive and Transportation\nMilitary and Aerospace\nConsumer Electronics\nIndustry Automation  and Control According to this vulnerability report, the following commands contain buffer overflow vulnerabilities: /bin/du       \n/bin/find     \n/bin/lex      \n/bin/mkdir  \n/bin/rm      \n/bin/serserv  \n/bin/tcpserv \n/bin/termdef  \n/bin/time    \n/bin/unzip   \n/bin/use     \n/bin/wcc     \n/bin/wcc386   \n/bin/wd      \n/bin/wdisasm  \n/bin/which   \n/bin/wlib    \n/bin/wlink    \n/bin/wpp      \n/bin/wpp386   \n/bin/wprof   \n/bin/write    \n/bin/wstrip","impact":"A local attacker may be able to execute arbitrary code.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Egor Egorov for reporting this vulnerability.","author":"This document was written by Ian A Finlay.","public":["http://online.securityfocus.com/archive/1/276553","http://qdn.qnx.com/support/docs/qnx4/index.html","http://www.securityfocus.com/bid/5000","http://www.qnx.com"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-12T22:49:05Z","publicdate":"2002-06-12T00:00:00Z","datefirstpublished":"2002-10-11T15:16:26Z","dateupdated":"2003-08-05T18:42:19Z","revision":28,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"17.25","cam_scorecurrentwidelyknown":"21","cam_scorecurrentwidelyknownexploited":"36","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.25,"vulnote":null}