CVE-2004-1682

Name of the Vulnerable Software and Affected Versions QNX version 6.1

Description A format string issue in the QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges. This is achieved by using format string specifiers in the QUOTE command.

Recommendations For QNX version 6.1, consider restricting access to the FTP client until a fix is available, and avoid using format string specifiers in the QUOTE command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.