PT-2008-4453 · Qnx · Qnx Momentics
Published
2008-07-07
·
Updated
2020-11-20
·
CVE-2008-3024
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
QNX Momentics (aka RTOS) versions 6.3.2 and earlier
Description
A stack-based buffer overflow issue exists in the phgrafx component, allowing local users to gain privileges. This can be achieved by providing a long .pal filename in the palette/ directory.
Recommendations
For QNX Momentics (aka RTOS) versions 6.3.2 and earlier, consider restricting access to the phgrafx component until a fix is available. As a temporary workaround, avoid using long .pal filenames in the palette/ directory to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnx Momentics