CVE-2014-2534

Sažetak

/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.

Reference

http://seclists.org/bugtraq/2014/Mar/66
http://seclists.org/bugtraq/2014/Mar/88
http://seclists.org/fulldisclosure/2014/Mar/124
http://seclists.org/fulldisclosure/2014/Mar/98
http://www.exploit-db.com/exploits/32156/

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

01-04-2014 - 06:29

Objavljeno

18-03-2014 - 05:18