[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-4060Date: (C)2011-10-17   (M)2023-12-22


The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.3
Exploit Score: 3.4
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/516958
http://www.securityfocus.com/archive/1/518659
BID-46838
OSVDB-71784
SREASON-8475
http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc
http://www.qnx.com/developers/articles/rel_5189_46.html
http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html

CWE    1
CWE-59

© SecPod Technologies