CVE-2004-1683 - OpenCVE

A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qnx	Rtos

Configuration 1 [-]

OR	cpe:2.3:a:qnx:rtos:6.2.0:::::::*
	cpe:2.3:a:qnx:rtos:6.2.0a:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=109511737504357&w=2
http://www.securityfocus.com/bid/11165	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17345

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-20T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-02-21T00:00:00

Link: CVE-2004-1683

JSON object: View

NVD Information

Status : Modified

Published: 2004-09-13T04:00:00.000

Modified: 2017-07-11T01:31:15.387

Link: CVE-2004-1683

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "qnx-rtp-crttrap-race-condition(17345)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17345"}, {"name": "20040913 [RLSA_04-2004] QNX crrtrap possible race condition vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109511737504357&w=2"}, {"name": "11165", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11165"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1683", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "qnx-rtp-crttrap-race-condition(17345)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17345"}, {"name": "20040913 [RLSA_04-2004] QNX crrtrap possible race condition vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109511737504357&w=2"}, {"name": "11165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11165"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1683", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-21T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}