CVE-2002-2040

Published: Dec 31, 2002Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.

Affected (2)

Products: Qnx: Rtos

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Qnx Rtos	Version 4.25
Qnx Rtos	Version 6.1.0

References (8)

http://online.securityfocus.com/archive/1/275218

Source: cve@mitre.org

http://www.iss.net/security_center/static/9257.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/4915

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/4916

Source: cve@mitre.org

Exploit

http://online.securityfocus.com/archive/1/275218

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/9257.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4915

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/4916

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.