CVE-2002-2407

Name of the Vulnerable Software and Affected Versions QNX Neutrino realtime operating system (RTOS) version 6.2.0

Description The issue allows local users to gain privileges by modifying certain files before their permissions are changed. The files affected include /sbin/io-audio, /bin/shutdown, /sbin/fs-pkg, phshutdown, cpim, vpim, phrelaycfg, columns, othello, peg, solitaire, and vpoker. These files are modified by certain patches, including OS Update Patch A and QNX experimental patches, as well as the games pack 2.0.3.

Recommendations For QNX Neutrino realtime operating system (RTOS) version 6.2.0, apply the necessary patches to secure the permissions of the affected files, ensuring that local users cannot modify them to gain privileges. As a temporary workaround, consider restricting access to the affected files until a patch is available.