Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1390

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1390
Last Modified 05 Sep 2008 04:41:14
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1390

Summary

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.

Vulnerable Systems

Application

  • Qnx Rtos 2.4

  • Qnx Rtos 4.25

  • Qnx Rtos 6.1.0

  • Qnx Rtos 6.2.0

  • Qnx Rtos 6.2.0a

  • Qnx Rtp 6.1


References

CERT-VN - VU#961686

XF - Qnx-rtp-pppoed-flags-bo(17280)

BID - 11104

FULLDISC - 20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities


Last Updated: 27 May 2016 10:39:01