Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4060


Vulnerability Score 3.3 3.3
CVE Id CVE-2011-4060
Last Modified 13 Feb 2012 11:09:37
Published 17 Oct 2011 09:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE



The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

Vulnerable Systems

Operating System

  • Qnx Neutrino Rtos 6.5.0


BID - 46838

BUGTRAQ - 20110629 Breaking the links: Exploiting the linker

BUGTRAQ - 20110311 Medium severity flaw in QNX Neutrino RTOS

OSVDB - 71784


SREASON - 8475

Last Updated: 27 May 2016 10:58:15