CVE-2014-2533
Published 2014-03-18
Priority P341 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 2.91% (85.2th percentile)
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | — | — |
| blackberry | qnx_neutrino_rtos | — | — |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.2 | 2.3.0-1ubuntu3.2 |
CVSS provenance
nvd · v2.0 · 7.2 · HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 5.0 · MEDIUM
GHSA
GHSA-6mpg-v9p2-xw8m: /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6
ghsa_unreviewed·2022-05-14
CVE-2014-2533 [HIGH] GHSA-6mpg-v9p2-xw8m: /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
OSV
Pillow vulnerabilities
osv·2016-09-27·CVSS 5.0
CVE-2014-9601 Pillow vulnerabilities
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
No detection rules found.
Exploit-DB
ifwatchd - Privilege Escalation (Metasploit)
exploitdb·2018-10-09
CVE-2014-2533 ifwatchd - Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'ifwatchd Privilege Escalation',
'Description' => %q{
This module attempts to gain root privileges on QNX 6.4.x and 6.5.x
systems by exploiting the ifwatchd suid executable.
ifwatchd allows users to specify scripts to execute using the '-A'
command line argument; however, it does not drop privileges when
executing user-supplied scripts, resulting in execution of arbitrary
commands as root.
This module has been tested successfully on QNX Neutrino 6.5.0 (x86)
and 6.5.0 SP1 (x86).
},
'License' => MSF_LICENSE,
'Author' =>
[
'cenobyte', # Discovery and exploit
'Tim Brown', # Independ
Exploit-DB
QNX 6.4.x/6.5.x ifwatchd - Local Privilege Escalation
exploitdb·2014-03-10
CVE-2014-2533 QNX 6.4.x/6.5.x ifwatchd - Local Privilege Escalation
---
#!/bin/sh
#
# QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013
#
#
# - vulnerability description:
# Setuid root ifwatchd watches for addresses added to or deleted from network
# interfaces and calls up/down scripts for them. Any user can launch ifwatchd
# and provide arbitrary up/down scripts. Unfortunately ifwatchd does not drop
# privileges when executing user supplied scripts.
#
# - vulnerable platforms:
# QNX 6.5.0SP1
# QNX 6.5.0
# QNX 6.4.1
#
# - exploit description:
# This exploit creates a fake arrival-script which will be executed as root by
# passing it to the -A parameter of /sbin/ifwatchd. The fake arrival-script
# copies /bin/sh to /tmp/shell and makes it setuid root. Once the setuid shell
# is in place ifw
Metasploit
ifwatchd Privilege Escalation
metasploit
This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).
No writeups or analysis indexed.
http://seclists.org/bugtraq/2014/Mar/66
http://seclists.org/bugtraq/2014/Mar/88
http://seclists.org/fulldisclosure/2014/Mar/124
http://seclists.org/fulldisclosure/2014/Mar/98
http://www.exploit-db.com/exploits/32153/
https://www.exploit-db.com/exploits/45575/
Published: 2014-03-18