I was recently taking a look at the state of play regarding the security of POSIX runtime linkers and was pointed at the QNX Neutrino RTOS to take a look. In doing so I noticed a problem relating to the way that it handles LD_DEBUG_OUTPUT which allows for the creation or overwriting of an arbitrary file. Moreover, the technique by which this can be achieved can be triggered even where the binary being executed is setUID and is running as another user.

Tim
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>
Attachment:
NDSA20110310.txt.asc
Description: PGP signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
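
Added example (not part of the original post, and not QNX's code): one way a runtime linker can handle LD_DEBUG_OUTPUT so that a setUID or setGID process never creates a file named by the caller's environment. The function names and the choice to refuse existing files are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* True when the process runs with borrowed privilege (setuid/setgid). */
int is_privileged_exec(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical loader helper: open the file named by LD_DEBUG_OUTPUT.
 * Returns a descriptor, or -1 when the request is refused or fails. */
int open_debug_output(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    const char *path = getenv("LD_DEBUG_OUTPUT");

    if (path == NULL || *path == '\0')
        return -1;
    /* The caller controls the environment, so a privileged process
     * must never let it choose a file to create or truncate. */
    if (is_privileged_exec(ruid, euid, rgid, egid))
        return -1;
    /* Unprivileged case: O_EXCL fails on any existing path (a symlink
     * included), so debug output cannot overwrite a file. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Drop the variable so privileged child processes do not inherit it. */
int scrub_debug_output(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (!is_privileged_exec(ruid, euid, rgid, egid))
        return 0;
    return unsetenv("LD_DEBUG_OUTPUT") == 0 ? 1 : -1;
}

int main(void)
{
    int fd = open_debug_output(getuid(), geteuid(), getgid(), getegid());

    printf("LD_DEBUG_OUTPUT %s\n", fd >= 0 ? "opened" : "ignored");
    if (fd >= 0)
        close(fd);
    scrub_debug_output(getuid(), geteuid(), getgid(), getegid());
    return 0;
}
```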