Vulnerability in Blackberry Qnx_neutrino_rtos

CVE-2014-2534

/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.

EPSS: 0.007 (71.3th percentile) — read the EPSS interpretation.

Affected products

Blackberry Qnx_neutrino_rtos — versions 6.4.1, 6.5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

32156 (Exploit, exploit, x_refsource_EXPLOIT-DB)
20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS (mailing-list, x_refsource_FULLDISC)
20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS (mailing-list, x_refsource_BUGTRAQ)
20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS (mailing-list, x_refsource_FULLDISC)
20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS (mailing-list, x_refsource_BUGTRAQ)