Lucene search

[email protected]CVE-2004-1391

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1391

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

qnx

rtp

pppoed

vulnerability

execution

path

local users

arbitrary program

path environment variable

nvd

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.

CPENameOperatorVersion
qnx:rtosqnx rtoseq6.2.0
qnx:rtpqnx rtpeq6.1
qnx:rtosqnx rtoseq6.2.1b
qnx:rtosqnx rtoseq6.3.0
qnx:rtosqnx rtoseq6.1.0a
qnx:rtosqnx rtoseq6.2.1a
qnx:rtosqnx rtoseq6.1.0

CPE	Name	Operator	Version
qnx:rtos	qnx rtos	eq	6.2.0
qnx:rtp	qnx rtp	eq	6.1
qnx:rtos	qnx rtos	eq	6.2.1b
qnx:rtos	qnx rtos	eq	6.3.0
qnx:rtos	qnx rtos	eq	6.1.0a
qnx:rtos	qnx rtos	eq	6.2.1a
qnx:rtos	qnx rtos	eq	6.1.0

References

archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html

www.kb.cert.org/vuls/id/577566

www.osvdb.org/9661

www.rfdslabs.com.br/qnx-advs-01-2004.txt

www.securityfocus.com/bid/11105

exchange.xforce.ibmcloud.com/vulnerabilities/17284

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON