CVE-2017-9369

Name of the Vulnerable Software and Affected Versions BlackBerry QNX Software Development Platform (SDP) versions 6.5.0 SP1 and earlier, 6.6.0

Description An information disclosure issue exists in the default configuration of the QNX SDP, allowing an attacker to gain information about the memory layout of higher privileged processes. This is achieved by manipulating environment variables that influence the loader.

Recommendations For BlackBerry QNX Software Development Platform (SDP) versions 6.5.0 SP1 and earlier, consider restricting access to environment variables that influence the loader until a fix is available. For version 6.6.0, consider restricting access to environment variables that influence the loader until a fix is available.