Description
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Exploits (1)
References (5)
Core 5
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/32156/
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/124
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Mar/66
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/98
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Mar/88
Scores
EPSS
0.0065
EPSS Percentile
70.9%
Details
CWE
CWE-264
Status
published
Products (2)
blackberry/qnx_neutrino_rtos
6.4.1
blackberry/qnx_neutrino_rtos
6.5.0 (2 CPE variants)
Published
Mar 18, 2014
Tracked Since
Feb 18, 2026