QNX RTP ftpd stat Buffer Overflow Vulnerability

RTP is the free version of the Real Time Operating System distributed by QNX Software Systems, Limited. It includes standard UNIX-type services, and is designed as a scalar operating system.

A vulnerability in the ftp daemon included with RTP could allow a user to execute arbitrary code. The problem is in the code executed when the stat command is processed. A static buffer of 100 bytes in the argv variable can be overflowed, overwriting variables on the stack and possibly the return address. Shell code could then be passed onto the stack and executed with the privileges of the ftpd UID.

This makes it possible for a user with malicious motives to execute arbitrary code, and potentially gain elevated privileges.
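The class of bug described above, as an added example that is not the QNX ftpd source: a fixed 100-byte stack buffer filled by an unchecked copy, next to a hardened copy that rejects an over-long stat argument. The function names, the handler and the reply codes it returns are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STAT_BUF_SIZE 100   /* fixed size cited in the advisory */

/* Unsafe pattern, shown for contrast and never called: the copy length
 * is decided by the client's input, not by the destination. */
void stat_copy_unsafe(const char *arg)
{
    char buf[STAT_BUF_SIZE];
    strcpy(buf, arg);                   /* writes past buf when strlen(arg) >= 100 */
    printf("213 %s\n", buf);
}

/* Hardened copy: refuse anything that does not fit, NUL included.
 * Returns 0 on success, -1 if the argument was rejected. */
int stat_copy_checked(const char *arg, char *out, size_t out_size)
{
    size_t len = 0;
    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    while (len < out_size && arg[len] != '\0')
        len++;                          /* never scans beyond out_size bytes */
    if (len == out_size)
        return -1;                      /* no room for the terminator */
    memcpy(out, arg, len + 1);
    return 0;
}

/* Hypothetical handler: returns the FTP reply code for a "STAT <arg>" line.
 * 213 = status returned, 501 = syntax error in parameters. */
int handle_stat(const char *line)
{
    char path[STAT_BUF_SIZE];
    if (line == NULL || strncmp(line, "STAT ", 5) != 0)
        return 501;
    if (stat_copy_checked(line + 5, path, sizeof path) != 0)
        return 501;                     /* over-long argument rejected, nothing copied */
    return 213;
}

int main(void)
{
    char big[6 + 300];                  /* constructed over-long request */
    memcpy(big, "STAT ", 5);
    memset(big + 5, 'A', 300);
    big[305] = '\0';
    printf("%d %d\n", handle_stat("STAT /pub/readme.txt"), handle_stat(big));
    return 0;
}
```

Rejecting the argument rather than truncating it keeps the daemon from acting on a path the client never sent.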


Copyright 2010, SecurityFocus