CVE-2002-2040 - Unspecified vulnerability in QNX Rtos 4.25/6.1.0
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
The (1) phgrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
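How a privileged program can launch a helper without the flaw described in the summary, as an added example (not QNX's code or the vendor's fix): the helper is run by absolute path with no shell, the caller's environment is replaced, and privileges are dropped permanently before the exec. The function names and the /usr/bin/crttrap install path are assumptions.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the helper; the caller's PATH is never inherited. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Permanently drop set-uid/set-gid privileges. Group first, then user. */
static int drop_privileges(void) {
    uid_t ruid = getuid(), euid = geteuid();
    if (setgid(getgid()) != 0 || setuid(ruid) != 0)
        return -1;
    /* If we were elevated, regaining the old euid must now fail. */
    if (euid != ruid && setuid(euid) == 0)
        return -1;
    return 0;
}

/* Run a helper by absolute path without a shell.
 * Returns the helper's exit status, or -1 if it could not be run safely. */
int run_helper(const char *path, char *const argv[]) {
    if (path == NULL || path[0] != '/')   /* never search PATH */
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);
        execve(path, argv, CLEAN_ENV);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Assumed install path, for illustration only. */
    char *const args[] = { "crttrap", NULL };
    return run_helper("/usr/bin/crttrap", args) < 0;
}
```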
Exploit-Db
description: QNX RTOS 4.25/6.1 phgrafx Privilege Escalation Vulnerability. CVE-2002-2040. Local exploit for linux platform
id: EDB-ID:21503
last seen: 2016-02-02
modified: 2002-06-03
published: 2002-06-03
reporter: badc0ded
source: https://www.exploit-db.com/download/21503/
title: QNX RTOS 4.25/6.1 - phgrafx Privilege Escalation Vulnerability

description: QNX RTOS 4.25/6.1 phgrafx-startup Privilege Escalation Vulnerability. CVE-2002-2040. Local exploit for linux platform
id: EDB-ID:21504
last seen: 2016-02-02
modified: 2002-06-03
published: 2002-06-03
reporter: badc0ded
source: https://www.exploit-db.com/download/21504/
title: QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation Vulnerability