Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rtos | Qnx | 6.1.0 (including) | 6.1.0 (including) |
| Rtos | Qnx | 6.1.0a (including) | 6.1.0a (including) |
| Rtos | Qnx | 6.2.0 (including) | 6.2.0 (including) |
| Rtos | Qnx | 6.2.1a (including) | 6.2.1a (including) |
| Rtos | Qnx | 6.2.1b (including) | 6.2.1b (including) |
| Rtos | Qnx | 6.3.0 (including) | 6.3.0 (including) |
| Rtp | Qnx | 6.1 (including) | 6.1 (including) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html
- http://www.kb.cert.org/vuls/id/577566
- http://www.osvdb.org/9661
- http://www.rfdslabs.com.br/qnx-advs-01-2004.txt
- http://www.securityfocus.com/bid/11105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17284
- http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html
- http://www.kb.cert.org/vuls/id/577566
- http://www.osvdb.org/9661
- http://www.rfdslabs.com.br/qnx-advs-01-2004.txt
- http://www.securityfocus.com/bid/11105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17284