header-logo
Suggest Exploit
vendor:
RTOS
by:
SecurityFocus
7.2
CVSS
HIGH
Local Arbitrary File Disclosure
264
CWE
Product Name: RTOS
Affected Version From: 6.1
Affected Version To: 6.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

QNX RTOS Local Arbitrary File Disclosure Vulnerability

QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions. This vulnerability allows local malicious users to gain access to the contents of arbitrary files with superuser privileges, aiding them in further attacks.

Mitigation:

Ensure that access control restrictions are properly implemented for the 'inputtrap' utility.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14656/info

QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions.

This vulnerability allows local malicious users to gain access to the contents of arbitrary files with superuser privileges, aiding them in further attacks.

QNX RTOS versions 6.1 and 6.3 are affected by this issue. Other versions are also likely affected. This issue is similar to the one described in BID 4901. 

inputtrap -t /etc/shadow start