CVE-2006-0620

QNX Neutrino RTOS 6.2.1 - Local Race Condition via PHFONT and PHOTON2_PATH Environment Variables

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0620. PoCs published by kokanin.

AI-analyzed exploit summary This exploit targets a vulnerability in QNX Photon's phfont binary (CVE-2006-0620) by leveraging environment variable manipulation to execute arbitrary code with elevated privileges. It creates a malicious shared object and uses symbolic linking to trick the system into executing it.

Description

Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kokanin · bashlocalqnx

https://www.exploit-db.com/exploits/1479

View Code ZIP pw:eip

This exploit targets a vulnerability in QNX Photon's phfont binary (CVE-2006-0620) by leveraging environment variable manipulation to execute arbitrary code with elevated privileges. It creates a malicious shared object and uses symbolic linking to trick the system into executing it.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: QNX Photon phfont binary (QNX 6.2.1)

No auth needed

Prerequisites: Access to a vulnerable QNX system with the phfont binary · Ability to compile and execute code on the target system

MITRE ATT&CK