Lucene search

[email protected]CVE-2002-2040

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2040

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

qnx

rtos

privilege escalation

phrafx

phgrafx-startup

cve-2002-2040

nvd

8 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

15.4%

JSON

The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.

CPENameOperatorVersion
qnx:rtosqnx rtoseq4.25
qnx:rtosqnx rtoseq6.1.0

CPE	Name	Operator	Version
qnx:rtos	qnx rtos	eq	4.25
qnx:rtos	qnx rtos	eq	6.1.0

References

online.securityfocus.com/archive/1/275218

www.iss.net/security_center/static/9257.php

www.securityfocus.com/bid/4915

www.securityfocus.com/bid/4916

8 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

15.4%

JSON

Related for CVE-2002-2040

cvelist1