Lucene search

[email protected]CVE-2005-2725

HistoryAug 30, 2005 - 11:45 a.m.

CVE-2005-2725

2005-08-3011:45:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2725

inputtrap utility

qnx rtos

local users

arbitrary files

security vulnerability

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.

CPENameOperatorVersion
qnx:rtosqnx rtoseq6.3.0
qnx:rtosqnx rtoseq6.1.0

CPE	Name	Operator	Version
qnx:rtos	qnx rtos	eq	6.3.0
qnx:rtos	qnx rtos	eq	6.1.0

References

marc.info/?l=bugtraq&m=112490406301882&w=2

secunia.com/advisories/16569/

www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt

www.securityfocus.com/bid/14656

exchange.xforce.ibmcloud.com/vulnerabilities/21969

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2005-2725

cvelist1