BugTraq
Medium severity flaw in BlackBerry QNX Neutrino RTOS Mar 11 2014 08:34PM
Tim Brown (timb nth-dimension org uk) (1 replies)
Summary

This advisory concerns the forced disclosure of 2 vulnerabilities that were
previously disclosed to BlackBerry. Disclosure has been forced since these
vulnerabilities have been publicly disclosed (with PoC) on the exploit-db
web site.

Two local privilege escalation vulnerabilities have been identified that would
ultimately result in malicious code being executed in a trusted context. The
first allows direct code execution (http://www.exploit-db.com/exploits/32153/)
whilst the second allows for the root password to be disclosed
(http://www.exploit-db.com/exploits/32156/).

It should be noted that Nth Dimension do not believe that the bug collision
are due to a leak within BlackBerry but rather that these are the simply
instances of multiple researchers identifying the same vulnerable code paths.

Current

As of the 11th March 2014, both the privilege escalation attacks have been
disclosed by a 3rd party. In light of this and in the absence of any timely
response from BlackBerry, Nth Dimension have opted to make full details
public.
--
Tim Brown
<mailto:timb (at) nth-dimension.org (dot) uk [email concealed]>
<http://www.nth-dimension.org.uk/>-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAABCAAGBQJTH3NRAAoJEPJhpTVyySo7ExkP/RJD9GWMUWC411FeYgtvHgOK
fVCfKQxFy4jowJ8VeUdiqkz1xUd6+d4LGZx8EKuVm0qfEys4qkbnh0kN5XGpAhtB
ng22yeXw6PqF2vUodjBD2x8kAKVyhCbVHit3RSoedf7guzFOYeMjrZsjJ/FwR82H
1qezLwotJ3TiBoy1PAU1gM1crZEt7h8spASuuz1SrvAEpEv+XgXSXLZILhIh0QX1
50QJO5Zjjli4ZTPxUMMFU92RvbE0cI358P/OqWISXuN/nOTiANEZOS0LFgR5NnEV
Xt3HeimZm7UMc0JumwaGIcJtd/KwKql5qn2AtdbYPwgPl1mu8TtyhqFNFeABp+iW
dOpLLCpqCE03FwGq5zISeHuS5dtoPFcz/mHeA0Ivq2V1AZwoniNNJLu4m4HI7zNQ
ClPlkLhJD37LIrNiYLHSJokiyntVvrsCgEYqji/wLkD8YiCBAyoW2879NM7C5D4W
DypAPPVQjo56Ix3za1CCkDpUiVnCP9W7UFVsnSxnDx8g18EuAJV9vGuLk6KfKMUf
lLTkOxZmFxwsSFUhehL2EMj8ujjaU0zPreuHFX+2Kmvz7FrDbOief0wN+NYIKFlx
H48EpxflcrNq43N2G/KKRB69ZWq1fM04wKjT0aojHt/wb/I6WvgS2hUbKXPSktrD
7u5ebts0MX0Vsr4gvPiz
=AK+p
-----END PGP SIGNATURE-----

[ reply ]
Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS Mar 13 2014 11:02AM
Tim Brown (timb nth-dimension org uk)


 

Privacy Statement
Copyright 2010, SecurityFocus