Local Information Disclosure in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x
CVE-2014-2534

Currently unrated

Key Information:

Vendor: Blackberry
Status: Qnx Neutrino Rtos
Vendor: CVE Published:; 18 March 2014

What is CVE-2014-2534?

In BlackBerry's QNX Neutrino RTOS versions 6.4.x and 6.5.x, a flaw in the /sbin/pppoectl component enables local users to read sensitive data from 'bad parameter' error messages. This could potentially expose critical information, such as the root password hash located in /etc/shadow, leading to unauthorized access or further security implications. Administrators should ensure that their systems are updated and monitor for unusual access patterns to mitigate such risks.

References

http://www.exploit-db.com/exploits/32156/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2014/Mar/124

mailing-listx_refsource_FULLDISC

http://seclists.org/bugtraq/2014/Mar/66

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2014
Vulnerability Reserved
Mar 17, 2014

Blackberry

What is CVE-2014-2534?

References

Timeline