CVE-2014-2533

BlackBerry QNX Neutrino RTOS <6.5.x - Privilege Escalation

Title source: llm

Description

/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocallinux

https://www.exploit-db.com/exploits/45575

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by cenobyte · bashlocalqnx

https://www.exploit-db.com/exploits/32153

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by cenobyte, Tim Brown, bcoles · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/qnx/local/ifwatchd_priv_esc.rb

View Code ZIP pw:eip

References (6)

[Mailing List] http://seclists.org/bugtraq/2014/Mar/66

[Mailing List] http://seclists.org/bugtraq/2014/Mar/88

[Mailing List] http://seclists.org/fulldisclosure/2014/Mar/124

[Mailing List] http://seclists.org/fulldisclosure/2014/Mar/98

[Exploit] http://www.exploit-db.com/exploits/32153/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45575/

Scores

EPSS 0.2625

EPSS Percentile 96.3%

Details

CWE

CWE-264

Status published

Products (2)

blackberry/qnx_neutrino_rtos 6.4.1

blackberry/qnx_neutrino_rtos 6.5.0 (2 CPE variants)

Published Mar 18, 2014

Tracked Since Feb 18, 2026