PT-2002-2209 · Qnx · Qnx Neutrino Rtos

Published

2002-11-12

Updated

2016-10-18

CVE-2002-1239

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: QNX Neutrino RTOS version 6.2.0

Description: The issue allows local users to gain privileges by modifying the PATH environment variable to point to a malicious cp program, which is then executed by the system while operating at raised privileges.

Recommendations: For QNX Neutrino RTOS version 6.2.0, consider restricting access to the PATH environment variable to prevent unauthorized modifications, and ensure that the system's executable search path is properly configured to prevent execution of malicious programs.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1239

Affected Products

Qnx Neutrino Rtos

PT-2002-2209 · Qnx · Qnx Neutrino Rtos

CVE-2002-1239

Related Identifiers

Affected Products

References · 7