CVE-2002-0793 - OpenCVE

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Blackberry	Qnx Neutrino Real-time Operating System

Configuration 1 [-]

cpe:2.3:o:blackberry:qnx_neutrino_real-time_operating_system:4.25:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html	Broken Link Exploit Vendor Advisory
http://www.iss.net/security_center/static/9231.php	Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/4901	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/4902	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/4903	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/4904	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/9232	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/9233	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/9234	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-07-26T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2002-07-25T00:00:00

Link: CVE-2002-0793

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2024-01-26T17:18:46.507

Link: CVE-2002-0793

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4901", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4901"}, {"name": "4902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4902"}, {"name": "4904", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4904"}, {"name": "20020531 Multiple vulnerabilities in QNX", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html"}, {"name": "qnx-rtos-monitor-f(9231)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9231.php"}, {"name": "qnx-rtos-dumper-symlink(9234)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9234"}, {"name": "4903", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4903"}, {"name": "qnx-rtos-crttrap-c(9232)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9232"}, {"name": "qnx-rtos-watcom-sample(9233)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9233"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4901"}, {"name": "4902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4902"}, {"name": "4904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4904"}, {"name": "20020531 Multiple vulnerabilities in QNX", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html"}, {"name": "qnx-rtos-monitor-f(9231)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9231.php"}, {"name": "qnx-rtos-dumper-symlink(9234)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9234"}, {"name": "4903", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4903"}, {"name": "qnx-rtos-crttrap-c(9232)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9232"}, {"name": "qnx-rtos-watcom-sample(9233)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9233"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0793", "datePublished": "2002-07-26T04:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_real-time_operating_system:4.25:*:*:*:*:*:*:*", "matchCriteriaId": "C189294E-0AC1-4FAE-885B-4232D2BE6530", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility."}], "id": "CVE-2002-0793", "lastModified": "2024-01-26T17:18:46.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9231.php"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/4901"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4902"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/4903"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/4904"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9232"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9233"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9234"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}