Search
Find a vulnerability
Search criteria
6 vulnerabilities found for neutrino_rtos by qnx
CVE-2011-4060 (GCVE-0-2011-4060)
Vulnerability from nvd – Published: 2011-10-18 01:00 – Updated: 2024-08-06 23:53
VLAI
EPSS
VEX
Summary
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/518659 | mailing-listx_refsource_BUGTRAQ |
| http://www.qnx.com/developers/docs/6.5.0_sp1/inde… | x_refsource_CONFIRM |
| http://www.nth-dimension.org.uk/pub/NDSA20110310.… | x_refsource_MISC |
| http://www.osvdb.org/71784 | vdb-entryx_refsource_OSVDB |
| http://www.qnx.com/developers/articles/rel_5189_46.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/46838 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/516958 | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8475 | third-party-advisoryx_refsource_SREASON |
Date Public
2011-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"name": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"name": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71784"
},
{
"name": "http://www.qnx.com/developers/articles/rel_5189_46.html",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4060",
"datePublished": "2011-10-18T01:00:00.000Z",
"dateReserved": "2011-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0618 (GCVE-0-2006-0618)
Vulnerability from nvd – Published: 2006-02-09 02:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/0474 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18750 | third-party-advisoryx_refsource_SECUNIA |
| http://www.idefense.com/intelligence/vulnerabilit… | third-party-advisoryx_refsource_IDEFENSE |
| http://securitytracker.com/id?1015599 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/22966 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/16539 | vdb-entryx_refsource_BID |
Date Public
2006-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0618",
"datePublished": "2006-02-09T02:00:00.000Z",
"dateReserved": "2006-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:28.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2409 (GCVE-0-2002-2409)
Vulnerability from nvd – Published: 2007-11-01 17:00 – Updated: 2024-09-16 23:51
VLAI
EPSS
VEX
Summary
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/10658.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6207 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:12.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qnx-photon-view-clipboard(10658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qnx-photon-view-clipboard(10658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qnx-photon-view-clipboard(10658)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2409",
"datePublished": "2007-11-01T17:00:00.000Z",
"dateReserved": "2007-11-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:22.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4060 (GCVE-0-2011-4060)
Vulnerability from cvelistv5 – Published: 2011-10-18 01:00 – Updated: 2024-08-06 23:53
VLAI
EPSS
VEX
Summary
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/518659 | mailing-listx_refsource_BUGTRAQ |
| http://www.qnx.com/developers/docs/6.5.0_sp1/inde… | x_refsource_CONFIRM |
| http://www.nth-dimension.org.uk/pub/NDSA20110310.… | x_refsource_MISC |
| http://www.osvdb.org/71784 | vdb-entryx_refsource_OSVDB |
| http://www.qnx.com/developers/articles/rel_5189_46.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/46838 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/516958 | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8475 | third-party-advisoryx_refsource_SREASON |
Date Public
2011-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"name": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/developers/docs/6.5.0_sp1/index.jsp?topic=%2Fcom.qnx.doc.momentics_release_notes%2Frel_6.5.0_SP1.html"
},
{
"name": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc"
},
{
"name": "71784",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71784"
},
{
"name": "http://www.qnx.com/developers/articles/rel_5189_46.html",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/developers/articles/rel_5189_46.html"
},
{
"name": "46838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46838"
},
{
"name": "20110311 Medium severity flaw in QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516958"
},
{
"name": "8475",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4060",
"datePublished": "2011-10-18T01:00:00.000Z",
"dateReserved": "2011-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2409 (GCVE-0-2002-2409)
Vulnerability from cvelistv5 – Published: 2007-11-01 17:00 – Updated: 2024-09-16 23:51
VLAI
EPSS
VEX
Summary
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/10658.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6207 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:12.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qnx-photon-view-clipboard(10658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qnx-photon-view-clipboard(10658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qnx-photon-view-clipboard(10658)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2409",
"datePublished": "2007-11-01T17:00:00.000Z",
"dateReserved": "2007-11-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:22.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0618 (GCVE-0-2006-0618)
Vulnerability from cvelistv5 – Published: 2006-02-09 02:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/0474 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18750 | third-party-advisoryx_refsource_SECUNIA |
| http://www.idefense.com/intelligence/vulnerabilit… | third-party-advisoryx_refsource_IDEFENSE |
| http://securitytracker.com/id?1015599 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/22966 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/16539 | vdb-entryx_refsource_BID |
Date Public
2006-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qnx-fontsleuth-format-string(24559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559"
},
{
"name": "ADV-2006-0474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18750"
},
{
"name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380"
},
{
"name": "1015599",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "22966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22966"
},
{
"name": "16539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0618",
"datePublished": "2006-02-09T02:00:00.000Z",
"dateReserved": "2006-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:28.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}