CVE-2014-2534

Name of the Vulnerable Software and Affected Versions BlackBerry QNX Neutrino RTOS versions 6.4.x through 6.5.x

Description The issue allows local users to obtain sensitive information by reading error messages from /sbin/pppoectl. This can be exploited to read the root password hash in /etc/shadow.

Recommendations For BlackBerry QNX Neutrino RTOS versions 6.4.x through 6.5.x, consider restricting access to the /sbin/pppoectl command to minimize the risk of exploitation. As a temporary workaround, limit the ability of local users to read error messages from this command until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.