CVE-2002-0793

Name of the Vulnerable Software and Affected Versions: QNX RTOS version 4.25

Description: The issue allows local users to overwrite arbitrary files via specific arguments to certain utilities, including (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. This is related to hard link and possibly symbolic link following vulnerabilities.

Recommendations: For QNX RTOS version 4.25, consider restricting access to the monitor utility, dumper, crttrap, and the Watcom sample utility to minimize the risk of exploitation. Avoid using the -f argument to the monitor utility, the -d argument to dumper, and the -c argument to crttrap until a fix is available.