CVE-2002-1239

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qnx:rtos:6.2.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html - () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html -
References () http://marc.info/?l=bugtraq&m=103679043232178&w=2 - () http://marc.info/?l=bugtraq&m=103679043232178&w=2 -
References () http://www.idefense.com/advisory/11.08.02b.txt - Exploit, Patch, Vendor Advisory () http://www.idefense.com/advisory/11.08.02b.txt - Exploit, Patch, Vendor Advisory
References () http://www.iss.net/security_center/static/10564.php - Vendor Advisory () http://www.iss.net/security_center/static/10564.php - Vendor Advisory
References () http://www.securityfocus.com/bid/6146 - () http://www.securityfocus.com/bid/6146 -

Information

Published : 2002-11-12 05:00

Updated : 2024-11-20 23:40


NVD link : CVE-2002-1239

Mitre link : CVE-2002-1239

CVE.ORG link : CVE-2002-1239


JSON object : View

Products Affected

qnx

  • rtos