Vendor: QNX RTOS
By: SecurityFocus
CVSS: 7.2 (HIGH)
Local File Overwrite
CWE: 264
Product Name: QNX RTOS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

QNX RTOS monitor Utility Local File Overwrite Vulnerability

The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default. The monitor -f command line option may be used by a local attacker to cause an arbitrary system file to be overwritten. Once overwritten, the attacker will gain ownership of the file.

Mitigation:

Ensure that the monitor utility is not installed with setuid root privileges.
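
One way to check and apply this mitigation, as an added example that is not part of the original advisory. The advisory does not give the install path of monitor, so the script takes the path as an argument; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit one binary for the setuid bit and optionally clear it.
# The path to monitor is not given in the advisory; pass it as an argument.

# Print the numeric owner uid of a file (third field of `ls -ln`).
owner_uid() {
    ls -lnd -- "$1" | awk 'NR == 1 { print $3 }'
}

# Succeed if the path is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Clear the setuid bit and confirm that it is really gone.
clear_setuid() {
    chmod u-s -- "$1" && ! [ -u "$1" ]
}

# audit_setuid FILE [--fix]
# Returns 0 if FILE is not setuid (or was fixed), 1 if it is still setuid,
# 2 if FILE does not exist.
audit_setuid() {
    file=$1
    fix=${2:-}
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    if ! is_setuid "$file"; then
        echo "ok: $file is not setuid"
        return 0
    fi
    echo "finding: $file is setuid, owner uid $(owner_uid "$file")"
    if [ "$fix" = "--fix" ] && clear_setuid "$file"; then
        echo "fixed: setuid bit cleared on $file"
        return 0
    fi
    return 1
}

# Run only when a path is supplied, e.g. sh audit.sh "$(command -v monitor)" --fix
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

With the bit cleared, the utility runs with the caller's own privileges, so a file named with -f can only be written where the caller already has write access.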

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4902/info

monitor -f /etc/passwd