CVE-2004-1391

Name of the Vulnerable Software and Affected Versions: QNX RTP version 6.1

Description: The issue concerns an untrusted execution path vulnerability in the PPPoE daemon, allowing local users to execute arbitrary programs. This is achieved by modifying the PATH environment variable to point to a malicious mount program.

Recommendations: For QNX RTP version 6.1, consider restricting modifications to the PATH environment variable to prevent pointing to malicious mount programs until a fix is available. As a temporary workaround, restrict access to the PPPoE daemon to minimize the risk of exploitation.