PT-2002-2209 · Qnx · Qnx Neutrino Rtos

Publicado

2002-11-12

Atualizado

2016-10-18

CVE-2002-1239

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: QNX Neutrino RTOS version 6.2.0

Description: The issue allows local users to gain privileges by modifying the PATH environment variable to point to a malicious cp program, which is then executed by the system while operating at raised privileges.

Recommendations: For QNX Neutrino RTOS version 6.2.0, consider restricting access to the PATH environment variable to prevent unauthorized modifications, and ensure that the system's executable search path is properly configured to prevent execution of malicious programs.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-1239

Produtos afetados

Qnx Neutrino Rtos

PT-2002-2209 · Qnx · Qnx Neutrino Rtos

CVE-2002-1239

Identificadores relacionados

Produtos afetados

Referências · 7