QNX RTOS 4.25 - monitor Arbitrary File Modification
| EKU-ID: 27006 | CVE: CVE-2002-0793;OSVDB-12215 | OSVDB-ID: |
| Author: Simon Ouellette | Published: 2002-05-31 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27006 | CVE: CVE-2002-0793;OSVDB-12215 | OSVDB-ID: |
| Author: Simon Ouellette | Published: 2002-05-31 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default. The monitor -f command line option may be used by a local attacker to cause an arbitrary system file to be overwritten. Once overwritten, the attacker will gain ownership of the file. monitor -f /etc/passwd