CVE-2008-3024 — HIGH (9.3) — White Hats Nepal

Q: What is CVE-2008-3024?

CVE-2008-3024 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

Q: How severe is CVE-2008-3024?

CVE-2008-3024 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3024?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Momentics.

Vulnerability Description

Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Blackberry	Qnx Momentics	<= 6.3.2

Related Weaknesses (CWE)

CWE-787

References

http://secunia.com/advisories/30808Third Party Advisory
http://securityreason.com/securityalert/3974ExploitThird Party Advisory
http://www.scanit.net/rd/advisories/adv01Broken Link
http://www.securityfocus.com/archive/1/493816/100/0/threadedExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30024ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020411Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1996/referencesThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43542Third Party AdvisoryVDB Entry
http://secunia.com/advisories/30808Third Party Advisory
http://securityreason.com/securityalert/3974ExploitThird Party Advisory
http://www.scanit.net/rd/advisories/adv01Broken Link
http://www.securityfocus.com/archive/1/493816/100/0/threadedExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30024ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020411Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1996/referencesThird Party Advisory

FAQ

What is CVE-2008-3024?

CVE-2008-3024 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

How severe is CVE-2008-3024?

CVE-2008-3024 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3024?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Momentics.