PT-2006-1675 · Qnx · Qnx Neutrino Rtos

Published

2006-02-09

Updated

2017-07-20

CVE-2006-0618

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions QNX Neutrino RTOS version 6.3.0

Description A format string issue in the fontsleuth component allows local users to execute arbitrary code by including format string specifiers in the program name, which is the zeroth argument.

Recommendations For QNX Neutrino RTOS version 6.3.0, update to a version that includes a fix for this issue, as using format string specifiers in the program name can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0618

Affected Products

Qnx Neutrino Rtos

PT-2006-1675 · Qnx · Qnx Neutrino Rtos

CVE-2006-0618

Related Identifiers

Affected Products

References · 8