CVE-2002-2040 in RTOSinfo

Zusammenfassung

von MITRE

The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

14.07.2005

Veröffentlichung

31.12.2002

Moderieren

akzeptiert

Eintrag

VDB-19682

CPE

bereit

CWE

CWE-269 (bestätigt)

Exploit

Download

CVSS

7.2 (NVD)

EPSS

0.01083

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Police, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-2040
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-2040
CVE Details	https://www.cvedetails.com/cve/CVE-2002-2040/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!