CVE-2002-2039 - /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitiv

CVE-2002-2039

Summary

/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.

References

http://marc.info/?l=bugtraq&m=102312549511726&w=2
http://www.iss.net/security_center/static/9256.php
http://www.securityfocus.com/bid/4914

Vulnerable Configurations

cpe:2.3:a:qnx:rtos:4.25:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:4.25:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.1.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-10-2016 - 02:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	4914
bugtraq	20020603 QNX
xf	qnx-rtos-su-core-dump(9256)

Last major update

18-10-2016 - 02:27

Published

31-12-2002 - 05:00

Last modified

18-10-2016 - 02:27