CVE-2019-7715

Name of the Vulnerable Software and Affected Versions Green Hills INTEGRITY RTOS version 5.0.4

Description An issue was discovered in the Interpeak IPCOMShell TELNET server. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(), resulting in a user-controlled format string during login. This leads to an information leak of memory addresses.

Recommendations For Green Hills INTEGRITY RTOS version 5.0.4, consider restricting the ability to set the ipcom.shell.greeting environment variable using the sysvar command to minimize the risk of exploitation. As a temporary workaround, avoid using the printf() function with user-controlled input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.