CVE-2011-4060: Low severity blackberry qnx neutrino rtos vulnerability

Published Oct 18, 2011

Updated

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

Affected Software

1 affected component

QNX Neutrino RTOS=6.5.0

Event History

Oct 18, 2011

CVE Published

via MITRE·01:00 AM

Data Sourced

via MITRE·01:00 AM

Description

Frequently Asked Questions

What is the severity of CVE-2011-4060?

The severity of CVE-2011-4060 is classified as high due to the potential for local users to overwrite files through a symlink attack.

How do I fix CVE-2011-4060?

To fix CVE-2011-4060, update to QNX Neutrino RTOS version 6.5.0 Service Pack 1 or later.

What vulnerability does CVE-2011-4060 exploit?

CVE-2011-4060 exploits improper handling of the LD_DEBUG_OUTPUT and LD_DEBUG environment variables in setuid programs.

Who is affected by CVE-2011-4060?

Local users on systems running QNX Neutrino RTOS 6.5.0 prior to Service Pack 1 are affected by CVE-2011-4060.

What type of attack is associated with CVE-2011-4060?

CVE-2011-4060 is associated with a symlink attack that allows file overwriting.

CVE-2011-4060: Low severity blackberry qnx neutrino rtos vulnerability

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2011-4060?

How do I fix CVE-2011-4060?

What vulnerability does CVE-2011-4060 exploit?

Who is affected by CVE-2011-4060?

What type of attack is associated with CVE-2011-4060?

Company

Resources

Contact