Description
Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.
Product(s):
- QNX RTOS 2.4
- QNX RTOS 4.25
- QNX RTOS 6.1.0
- QNX RTOS 6.2.0
- QNX RTOS 6.2.0a
- QNX RTP 6.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1390, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1390 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.