7 lines
No EOL
450 B
Text
Executable file
7 lines
No EOL
450 B
Text
Executable file
source: http://www.securityfocus.com/bid/4902/info
|
|
|
|
The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default.
|
|
|
|
The monitor -f command line option may be used by a local attacker to cause an arbitrary system file to be overwritten. Once overwritten, the attacker will gain ownership of the file.
|
|
|
|
monitor -f /etc/passwd |