Local Information Disclosure in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x
CVE-2014-2534

Currently unrated

Key Information:

Vendor

Blackberry

Status
Qnx Neutrino Rtos
Vendor
CVE Published:
18 March 2014

What is CVE-2014-2534?

In BlackBerry's QNX Neutrino RTOS versions 6.4.x and 6.5.x, a flaw in the /sbin/pppoectl component enables local users to read sensitive data from 'bad parameter' error messages. This could potentially expose critical information, such as the root password hash located in /etc/shadow, leading to unauthorized access or further security implications. Administrators should ensure that their systems are updated and monitor for unusual access patterns to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.exploit-db.com/exploits/32156/
exploitx_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2014/Mar/124
mailing-listx_refsource_FULLDISC
http://seclists.org/bugtraq/2014/Mar/66
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.