CVE-2004-1681
published 2004-08-26CVE-2004-1681: Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to…
PriorityP424high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.05%
60.1th percentile
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnx | rtp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
QNX Photon input-cfg - '-s' Overflow
exploitdb·2004-09-13
CVE-2004-1681 QNX Photon input-cfg - '-s' Overflow
QNX Photon input-cfg - '-s' Overflow
---
source: https://www.securityfocus.com/bid/11164/info
Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage these issues to execute arbitrary code on the affected system within the context of the vulnerable applications; the applications are typically setuid applications.
$ /usr/photon/bin/input-cfg -s AAAAA[...]
Exploit-DB
QNX Photon pkg-installer - '-s' Overflow
exploitdb·2004-09-13
CVE-2004-1681 QNX Photon pkg-installer - '-s' Overflow
QNX Photon pkg-installer - '-s' Overflow
---
source: https://www.securityfocus.com/bid/11164/info
Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage these issues to execute arbitrary code on the affected system within the context of the vulnerable applications; the applications are typically setuid applications.
$ /usr/photon/bin/pkg-installer -s AAAAA[...]
Exploit-DB
QNX Photon phrelay-cfg - '-s' Overflow
exploitdb·2004-09-13
CVE-2004-1681 QNX Photon phrelay-cfg - '-s' Overflow
QNX Photon phrelay-cfg - '-s' Overflow
---
source: https://www.securityfocus.com/bid/11164/info
Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage these issues to execute arbitrary code on the affected system within the context of the vulnerable applications; the applications are typically setuid applications.
$ /usr/photon/bin/phrelay-cfg -s AAAAA[...]
Exploit-DB
QNX Photon phlocale - '-s' Overflow
exploitdb·2004-09-13
CVE-2004-1681 QNX Photon phlocale - '-s' Overflow
QNX Photon phlocale - '-s' Overflow
---
source: https://www.securityfocus.com/bid/11164/info
Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage these issues to execute arbitrary code on the affected system within the context of the vulnerable applications; the applications are typically setuid applications.
$ /usr/photon/bin/phlocale -s AAAAA[...]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=109510393407597&w=2http://www.rfdslabs.com.br/qnx-advs-03-2004.txthttp://www.securityfocus.com/bid/11164https://exchange.xforce.ibmcloud.com/vulnerabilities/17339http://marc.info/?l=bugtraq&m=109510393407597&w=2http://www.rfdslabs.com.br/qnx-advs-03-2004.txthttp://www.securityfocus.com/bid/11164https://exchange.xforce.ibmcloud.com/vulnerabilities/17339
2004-08-26
Published