CVE-2002-0793

MEDIUM

Blackberry Qnx Neutrino Real-time Operating System - Symlink Following

Title source: rule

Description

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Simon Ouellette · textlocallinux

https://www.exploit-db.com/exploits/21499

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Simon Ouellette · textlocallinux

https://www.exploit-db.com/exploits/21501

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Simon Ouellette · textlocallinux

https://www.exploit-db.com/exploits/21500

View Code ZIP pw:eip

References (9)

[Broken Link, Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html

[Broken Link, Patch, Vendor Advisory] http://www.iss.net/security_center/static/9231.php

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4901

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/4902

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4903

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4904

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/9232

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/9233

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/9234

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 42.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (1)

blackberry/qnx_neutrino_real-time_operating_system

Timeline

Published Aug 12, 2002

Tracked Since Feb 18, 2026