Описание
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
Ссылки
- Broken LinkExploitVendor Advisory
- Broken LinkPatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken LinkExploitVendor Advisory
- Broken LinkPatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:blackberry:qnx_neutrino_real-time_operating_system:4.25:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00169
Низкий
5.5 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
EPSS
Процентиль: 38%
0.00169
Низкий
5.5 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-59