Vendor: QNX RTOS
By: SecurityFocus
CVSS: 7.2 (HIGH)
Title: crttrap Local File Disclosure
CWE: 200
Product Name: QNX RTOS
Affected Version From: QNX RTOS 4.25
Affected Version To: QNX RTOS 6.2.1
Patch Exists: YES
Related CWE: CVE-2002-0386
CPE: o:qnx:qnx_rtos
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

crttrap Local File Disclosure

The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default, so a local attacker can specify an arbitrary system file in place of the configuration file, and crttrap will disclose the contents of that file.

Mitigation:

Users should remove the setuid bit from the crttrap binary.
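
Removing the setuid bit fixes deployed systems; the code-level counterpart is for a setuid program to open a user-named configuration file with the invoker's IDs rather than its elevated ones. The following is an added example, not crttrap source and not part of the original advisory; the function names are hypothetical and POSIX seteuid()/setegid() semantics are assumed.

```c
/* Added illustration, not crttrap source; function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable pattern: open() is checked against the effective UID, so in a
 * setuid-root binary the invoker can name any file that root can read. */
int open_config_unsafe(const char *path)
{
    return open(path, O_RDONLY);
}

/* Hardened pattern: assume the invoker's IDs for the open so the kernel
 * applies the invoker's own file permissions, then restore the saved IDs. */
int open_config_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd;

    /* Group first: after euid is lowered, setegid() may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }
    /* O_NONBLOCK keeps the open from hanging on a FIFO before the check. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    /* Accept regular files only: no directories, devices or FIFOs. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
    }
    /* Restore user first, then group; fail closed if either step fails. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open_config_as_invoker(argv[1]) : -1;
    printf("config open %s\n", fd >= 0 ? "allowed" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

When the binary is not setuid, both functions behave identically, which is why removing the setuid bit is sufficient as an operational fix.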

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4901/info

The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place of the configuration file and crttrap will disclose the contents of the arbitrary file.

crttrap -c /etc/shadow