
Stack Based Buffer Overflow Vulnerability in Multiple QNX Products

 

Systems Affected


  • Phrelay (all versions)
  • Phindows (all versions)
  • Phditto (all versions)

Threat Level


High


Overview


A remote code execution vulnerability has been reported in the QNX Neutrino RTOS products Phrelay, Phindows and Phditto, which a remote attacker could exploit to cause a denial-of-service condition.


Description


Phindows and Phditto are Neutrino RTOS remote connectivity tools used to connect to and interact with a Photon graphical environment workspace on a remote node, facilitated by the Phrelay utility. A stack-based buffer overflow vulnerability exists in the Byte Pair Encoding (BPE) compression scheme, in which bpe_decompress() fails to check user-supplied input data. A remote attacker could exploit this vulnerability by sending a specially crafted packet to port 4868/UDP. Successful exploitation could allow remote attackers to execute arbitrary code or cause a Denial-of-Service (DoS) condition.
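The checks a BPE expansion routine needs, shown as an added example that is not QNX's code and not part of the original advisory: a generic pair-table BPE decoder that bounds both its expansion stack and its output buffer, so attacker-controlled input (including a cyclic pair table) ends in an error instead of a stack overwrite. The table layout, the names `bpe_table`, `bpe_expand_checked`, `sample_table` and `demo`, and the limit `BPE_STACK_MAX` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BPE_STACK_MAX 64  /* assumed nesting limit for this sketch */

/* Code c expands to (left[c], right[c]); left[c] == c marks a literal byte. */
typedef struct { uint8_t left[256], right[256]; } bpe_table;
/* Returns bytes written, or -1 if the input would overrun stack[] or out[]. */
long bpe_expand_checked(const bpe_table *t, const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    uint8_t stack[BPE_STACK_MAX];
    size_t sp = 0, n = 0;
    for (size_t i = 0; i < in_len; i++) {
        stack[sp++] = in[i];                    /* sp is always 0 here */
        while (sp > 0) {
            uint8_t c = stack[--sp];
            if (t->left[c] == c) {              /* literal: bounded write */
                if (n >= out_cap) return -1;
                out[n++] = c;
            } else {                            /* pair: bounded push */
                if (sp + 2 > BPE_STACK_MAX) return -1;
                stack[sp++] = t->right[c];
                stack[sp++] = t->left[c];
            }
        }
    }
    return (long)n;
}

/* Constructed table: 0x80 -> "ab", 0x81 -> 0x80 'c', 0x82 <-> 0x83 is a cycle. */
static void sample_table(bpe_table *t)
{
    for (int c = 0; c < 256; c++) t->left[c] = t->right[c] = (uint8_t)c;
    t->left[0x80] = 'a';  t->right[0x80] = 'b';  t->left[0x81] = 0x80; t->right[0x81] = 'c';
    t->left[0x82] = 0x83; t->right[0x82] = 0x83; t->left[0x83] = 0x82; t->right[0x83] = 0x82;
}

/* Decode a constructed input; -2 means the output differed from expect. */
long demo(const uint8_t *in, size_t in_len, size_t out_cap, const char *expect)
{
    bpe_table t; uint8_t out[32];
    sample_table(&t);
    if (out_cap > sizeof out) out_cap = sizeof out;
    long n = bpe_expand_checked(&t, in, in_len, out, out_cap);
    if (n >= 0 && (strlen(expect) != (size_t)n || memcmp(out, expect, (size_t)n))) return -2;
    return n;
}
int main(void) { return demo((const uint8_t[]){0x81, 0x81, 'd'}, 3, 32, "abcabcd") == 7 ? 0 : 1; }
```

Every pair expansion grows the stack by one entry and every literal consumes output space, so the two bounds together also guarantee that decoding terminates on any table.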


Impact



Solution/Workarounds


Download and install the patches provided by the vendor: http://www.qnx.com/download/feature.html?programid=24850


References


http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.