[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201103111212.34467.timb@nth-dimension.org.uk>
Date: Fri, 11 Mar 2011 12:12:33 +0000
From: Tim Brown <timb@...-dimension.org.uk>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Medium severity flaw in QNX Neutrino RTOS
I was recently taking a look at the state of play regarding the security of
POSIX runtime linkers and was pointed at the QNX Neutrino RTOS to take a look.
In doing so I noticed a problem relating to the way that it handles
LD_DEBUG_OUTPUT which allows for the creation or overwriting of an arbitrary
file. Moreover the technique by which this can be achieved can be triggered
even where the binary being executed is setUID and is running as another user.
Tim
--
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Download attachment "NDSA20110310.txt.asc" of type "application/pgp-signature" (4456 bytes)
Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists