CVE-2002-0793

MEDIUM

Blackberry Qnx Neutrino Real-time Operating System - Symlink Following

Title source: rule
STIX 2.1

Description

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Simon Ouellette · textlocallinux
https://www.exploit-db.com/exploits/21500
exploitdb WORKING POC VERIFIED
by Simon Ouellette · textlocallinux
https://www.exploit-db.com/exploits/21501
exploitdb WORKING POC VERIFIED
by Simon Ouellette · textlocallinux
https://www.exploit-db.com/exploits/21499

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9234
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9233
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4901
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4902
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4904
Broken Link, Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
Broken Link, Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9231.php
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4903
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9232

Scores

CVSS v3 5.5
EPSS 0.0020
EPSS Percentile 42.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-59
Status published
Products (1)
blackberry/qnx_neutrino_real-time_operating_system 4.25
Published Aug 12, 2002
Tracked Since Feb 18, 2026