Vulnerabilities > CVE-2006-0623 - Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.3.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
Exploit-Db
| description | QNX RTOS 6.3.0 Insecure rc.local Permissions Plus System Crash Exploit. CVE-2006-0623. Local exploit for qnx platform |
| id | EDB-ID:1481 |
| last seen | 2016-01-31 |
| modified | 2006-02-08 |
| published | 2006-02-08 |
| reporter | kokanin |
| source | https://www.exploit-db.com/download/1481/ |
| title | QNX RTOS 6.3.0 Insecure rc.local Permissions Plus System Crash Exploit |
References
- http://secunia.com/advisories/18750
- http://securitytracker.com/id?1015598
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387
- http://www.osvdb.org/22958
- http://www.securityfocus.com/bid/16539
- http://www.vupen.com/english/advisories/2006/0474
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24552