Vulnerabilites related to ghs - integrity_rtos
Vulnerability from fkie_nvd
Published
2019-03-26 01:29
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| cve@mitre.org | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghs | integrity_rtos | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en handler_ipcom_shell_pwd el servidor Interpeak IPCOMShell TELNET en Green Hills INTEGRITY RTOS 5.0.4. Al usar el comando pwd, la ruta del directorio de trabajo actual se utiliza como el primer argumento para printf() sin una comprobaci\u00f3n adecuada. As\u00ed, un atacante podr\u00eda falsificar una ruta que contenga modificadores de cadena de formato para obtener la evaluaci\u00f3n de una cadena de formato personalizada. Esto resulta en una fuga de informaci\u00f3n de direcciones de memoria."
}
],
"id": "CVE-2019-7712",
"lastModified": "2024-11-21T04:48:33.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T01:29:00.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 01:29
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| cve@mitre.org | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghs | integrity_rtos | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command \"prompt\" sets the (user controlled) shell\u0027s prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en el servidor Interpeak IPCOMShell TELNET en Green Hills INTEGRITY RTOS 5.0.4. El int\u00e9rprete de comando no documentado shell configura el valor de introducci\u00f3n del comando shell controlado por el usuario, que se usa como introducci\u00f3n de la cadena de formato a printf, lo cual resulta en una fuga de informaci\u00f3n de direcciones de memoria."
}
],
"id": "CVE-2019-7711",
"lastModified": "2024-11-21T04:48:33.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T01:29:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 02:29
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| cve@mitre.org | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bl4ckic3/GHS-Bugs | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghs | integrity_rtos | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en el servidor Interpeak IPCOMShell TELNET en Green Hills INTEGRITY RTOS 5.0.4. La funci\u00f3n principal de gesti\u00f3n de comandos shell utiliza el valor de la variable de entorno ipcom.shell.greeting como primer argumento en printf(). La configuraci\u00f3n de esta variable mediante el comando sysvar resulta en un cadena de formato controlada por el usuario en la fase de inicio de sesi\u00f3n, resultando en una fuga de informaci\u00f3n de direcciones de memoria."
}
],
"id": "CVE-2019-7715",
"lastModified": "2024-11-21T04:48:34.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T02:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 01:29
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bl4ckic3/GHS-Bugs | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bl4ckic3/GHS-Bugs | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghs | integrity_rtos | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en Interpeak IPWEBS en Green Hills INTEGRITY RTOS 5.0.4. Asigna 60 bytes a la cabecera de autenticaci\u00f3n HTTP. Sin embargo, al copiar esta cabecera para analizarla, no se comprueba el tama\u00f1o de la propia cabecera, provocando as\u00ed un desbordamiento de b\u00fafer basado en pila."
}
],
"id": "CVE-2019-7714",
"lastModified": "2024-11-21T04:48:34.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T01:29:00.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 01:29
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bl4ckic3/GHS-Bugs | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bl4ckic3/GHS-Bugs | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ghs.com/products/rtos/integrity.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghs | integrity_rtos | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information)."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en el servidor Interpeak IPCOMShell TELNET en Green Hills INTEGRITY RTOS 5.0.4. Hay un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n encargada de imprimir el int\u00e9rprete de comandos shell cuando se utiliza un modificador personalizado para mostrar informaci\u00f3n como el ID de un proceso, la direcci\u00f3n IP o el directorio de trabajo actual. La expansi\u00f3n del modificador provoca este desbordamiento, que resulta en una corrupci\u00f3n de memoria y un cierre inesperado, adem\u00e1s de provocar una fuga de informaci\u00f3n de direcciones de memoria."
}
],
"id": "CVE-2019-7713",
"lastModified": "2024-11-21T04:48:33.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T01:29:00.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-7714 (GCVE-0-2019-7714)
Vulnerability from cvelistv5
Published
2019-03-26 01:01
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bl4ckic3/GHS-Bugs | x_refsource_MISC | |
| https://www.ghs.com/products/rtos/integrity.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T01:01:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bl4ckic3/GHS-Bugs",
"refsource": "MISC",
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"name": "https://www.ghs.com/products/rtos/integrity.html",
"refsource": "MISC",
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7714",
"datePublished": "2019-03-26T01:01:00",
"dateReserved": "2019-02-10T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7712 (GCVE-0-2019-7712)
Vulnerability from cvelistv5
Published
2019-03-26 01:00
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bl4ckic3/GHS-Bugs | x_refsource_MISC | |
| https://www.ghs.com/products/rtos/integrity.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T01:00:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bl4ckic3/GHS-Bugs",
"refsource": "MISC",
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"name": "https://www.ghs.com/products/rtos/integrity.html",
"refsource": "MISC",
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7712",
"datePublished": "2019-03-26T01:00:37",
"dateReserved": "2019-02-10T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7715 (GCVE-0-2019-7715)
Vulnerability from cvelistv5
Published
2019-03-26 01:01
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bl4ckic3/GHS-Bugs | x_refsource_MISC | |
| https://www.ghs.com/products/rtos/integrity.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T01:01:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bl4ckic3/GHS-Bugs",
"refsource": "MISC",
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"name": "https://www.ghs.com/products/rtos/integrity.html",
"refsource": "MISC",
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7715",
"datePublished": "2019-03-26T01:01:45",
"dateReserved": "2019-02-10T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7713 (GCVE-0-2019-7713)
Vulnerability from cvelistv5
Published
2019-03-26 01:00
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bl4ckic3/GHS-Bugs | x_refsource_MISC | |
| https://www.ghs.com/products/rtos/integrity.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T01:00:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bl4ckic3/GHS-Bugs",
"refsource": "MISC",
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"name": "https://www.ghs.com/products/rtos/integrity.html",
"refsource": "MISC",
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7713",
"datePublished": "2019-03-26T01:00:49",
"dateReserved": "2019-02-10T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7711 (GCVE-0-2019-7711)
Vulnerability from cvelistv5
Published
2019-03-26 01:00
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bl4ckic3/GHS-Bugs | x_refsource_MISC | |
| https://www.ghs.com/products/rtos/integrity.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command \"prompt\" sets the (user controlled) shell\u0027s prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T01:00:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command \"prompt\" sets the (user controlled) shell\u0027s prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bl4ckic3/GHS-Bugs",
"refsource": "MISC",
"url": "https://github.com/bl4ckic3/GHS-Bugs"
},
{
"name": "https://www.ghs.com/products/rtos/integrity.html",
"refsource": "MISC",
"url": "https://www.ghs.com/products/rtos/integrity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7711",
"datePublished": "2019-03-26T01:00:24",
"dateReserved": "2019-02-10T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}