Vulnerabilities > CVE-2002-1239 - Unspecified vulnerability in QNX Rtos 6.2.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qnx

exploit available

NVD

Published: 2002-11-12

Updated: 2016-10-18

Summary

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.

Vulnerable Configurations

Part	Description	Count
Application	Qnx QNX Rtos 6.2.0	1

Exploit-Db

description	QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability. CVE-2002-1239. Local exploit for linux platform
id	EDB-ID:22002
last seen	2016-02-02
modified	2002-11-08
published	2002-11-08
reporter	Texonet
source	https://www.exploit-db.com/download/22002/
title	QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References