PT-2002-2760 · Qnx · Qnx Rtos

Published: 2002-12-31 · Updated: 2016-10-18 · CVE-2002-2039

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

QNX realtime operating system (RTOS) versions 4.25 through 6.1.0

Description

The issue allows local users to obtain sensitive information from core dump files by sending the SIGSERV signal (invalid memory reference) to /bin/su in the affected QNX RTOS versions.

Recommendations

For QNX RTOS versions 4.25 through 6.1.0, consider restricting access to the /bin/su command until a fix is available. As a temporary workaround, avoid using the /bin/su command with signals that may cause an invalid memory reference, such as SIGSERV, until the issue is resolved.


Related Identifiers

CVE-2002-2039

Affected Products

Qnx Rtos