PT-2005-2521 · Blackberry · Qnx Neutrino Rtos

Publicado

2005-12-31

Atualizado

2017-07-11

CVE-2005-1528

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QNX Neutrino RTOS version 6.2.1

Description The issue concerns an untrusted search path vulnerability in the crttrap command. This vulnerability allows local users to load arbitrary libraries by manipulating the LD LIBRARY PATH environment variable to reference a malicious library.

Recommendations For QNX Neutrino RTOS version 6.2.1, as a temporary workaround, consider restricting the use of the LD LIBRARY PATH environment variable to prevent loading malicious libraries until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-1528

Produtos afetados

Qnx Neutrino Rtos

PT-2005-2521 · Blackberry · Qnx Neutrino Rtos

CVE-2005-1528

Identificadores relacionados

Produtos afetados

Referências · 8