QNX CRTTrap Local Insecure file Creation Vulnerability
BID:12123
Info
QNX CRTTrap Local Insecure file Creation Vulnerability
| Bugtraq ID: | 12123 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 29 2004 12:00AM |
| Updated: | Dec 29 2004 12:00AM |
| Credit: | Julio Cesar Fort <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
QNX RTOS 6.2 Update Patch A QNX RTOS 6.2 |
| Not Vulnerable: | |
Discussion
QNX CRTTrap Local Insecure file Creation Vulnerability
A local insecure file creation vulnerability reportedly affects QNX crttrap. This issue is due to a failure of the application to properly handle permissions on affected software.
An attacker may leverage this issue to write to and read from arbitrary files on an affected computer; this may facilitate the destruction of sensitive files triggering a system-wide denial of service condition.
A local insecure file creation vulnerability reportedly affects QNX crttrap. This issue is due to a failure of the application to properly handle permissions on affected software.
An attacker may leverage this issue to write to and read from arbitrary files on an affected computer; this may facilitate the destruction of sensitive files triggering a system-wide denial of service condition.
Exploit / POC
QNX CRTTrap Local Insecure file Creation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
QNX CRTTrap Local Insecure file Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
QNX CRTTrap Local Insecure file Creation Vulnerability
References:
References:
- QNX Homepage (QNX Software Systems Ltd.)
- QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004] (Julio Cesar Fort
)