Description
The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Julio Cesar Fort · textlocallinux
https://www.exploit-db.com/exploits/26195
References (5)
Core 5
Core References
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16569/
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14656
Exploit, Vendor Advisory x_refsource_misc
http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21969
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112490406301882&w=2
Scores
EPSS
0.0030
EPSS Percentile
53.4%
Details
Status
published
Products (2)
qnx/rtos
6.1.0
qnx/rtos
6.3.0
Published
Aug 30, 2005
Tracked Since
Feb 18, 2026