QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html | |
http://marc.info/?l=bugtraq&m=103679043232178&w=2 | |
http://www.idefense.com/advisory/11.08.02b.txt | Exploit Patch Vendor Advisory |
http://www.iss.net/security_center/static/10564.php | Vendor Advisory |
http://www.securityfocus.com/bid/6146 |
Configurations
History
No history.
Information
Published : 2002-11-12 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-1239
Mitre link : CVE-2002-1239
CVE.ORG link : CVE-2002-1239
JSON object : View
Products Affected
qnx
- rtos
CWE