QNX Neutrino RTOS rc.local Permission Weakness Privilege Escalation

2006-02-07T08:02:54
ID OSVDB:22958
Type osvdb
Reporter iDEFENSE(idlabs-advisories@idefense.com)
Modified 2006-02-07T08:02:54

Description

Vulnerability Description

QNX Neutrino RTOS contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the /etc/rc.d/rc.local file installing with world writeable permissions. This allows any user to add arbitrary commands that will be executed with root privileges upon the next system startup.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: change the permission of /etc/rc.d/rc.local to something more restrictive such as 644

Short Description

QNX Neutrino RTOS contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the /etc/rc.d/rc.local file installing with world writeable permissions. This allows any user to add arbitrary commands that will be executed with root privileges upon the next system startup.

References:

Vendor URL: http://www.qnx.com/products/rtos/ Security Tracker: 1015598 Secunia Advisory ID:18750 Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0122.html ISS X-Force ID: 24552 FrSIRT Advisory: ADV-2006-0474 CVE-2006-0623