Phase:Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
ReferencesBUGTRAQ:Friday, May 31, 2002 Multiple vulnerabilities in QNX | URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html | BID:4901 | URL:http://www.securityfocus.com/bid/4901 | BID:4902 | URL:http://www.securityfocus.com/bid/4902 |
Votes:Modified (Saturday, May 28, 2005)
Comments: NOOP(5) Wall, Foat, Cole, Armstrong, Cox
F7: