Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4060

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-4060
Last Modified 13 Feb 2012 11:09:37
Published 17 Oct 2011 09:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4060

Summary

The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

Vulnerable Systems

Operating System

  • Qnx Neutrino Rtos 6.5.0


References

BID - 46838

BUGTRAQ - 20110629 Breaking the links: Exploiting the linker

BUGTRAQ - 20110311 Medium severity flaw in QNX Neutrino RTOS

OSVDB - 71784

MISC - http://www.nth-dimension.org.uk/pub/NDSA20110310.txt.asc

SREASON - 8475


Last Updated: 27 May 2016 10:58:15