{"id": "EDB-ID:21500", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "QNX RTOS 4.25 - monitor Arbitrary File Modification", "description": "", "published": "2002-05-31T00:00:00", "modified": "2002-05-31T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/21500", "reporter": "Simon Ouellette", "references": [], "cvelist": ["2002-0793"], "immutableFields": [], "lastseen": "2022-08-16T08:59:16", "viewCount": 10, "enchantments": {"dependencies": {}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "_state": {"dependencies": 1661182887, "score": 1661184847, "epss": 1678800746}, "_internal": {"score_hash": "99d66b5d261467217a19223388f004ad"}, "sourceHref": "https://www.exploit-db.com/download/21500", "sourceData": "source: https://www.securityfocus.com/bid/4902/info\r\n\r\nThe QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default.\r\n\r\nThe monitor -f command line option may be used by a local attacker to cause an arbitrary system file to be overwritten. Once overwritten, the attacker will gain ownership of the file.\r\n\r\nmonitor -f /etc/passwd ", "osvdbidlist": ["12215"], "exploitType": "local", "verified": true}
QNX RTOS 4.25 - monitor Arbitrary File Modification