PT-2005-2521 · Blackberry · Qnx Neutrino Rtos
Published: 2005-12-31 · Updated: 2017-07-11 · CVE-2005-1528
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QNX Neutrino RTOS version 6.2.1
Description
The issue is an untrusted search path vulnerability in the crttrap command. It allows local users to load arbitrary libraries by setting the LD_LIBRARY_PATH environment variable to reference a malicious library.
Recommendations
For QNX Neutrino RTOS version 6.2.1, as a temporary workaround, consider restricting the use of the LD_LIBRARY_PATH environment variable to prevent loading malicious libraries until a patch is available.
Affected Products
Qnx Neutrino Rtos