Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QNX多个程序不安全默认权限漏洞
Vulnerability Description
QNX RTOS是一款设计用于嵌入系统的实时操作系统,由QNX分发和维护。 QNX多个程序默认权限设置不正确,本地攻击者可以利用这个漏洞删除文件,更改文件内容,或者以木马程序代替系统文件导致权限提升。 QNX在安装OS Update for 6.2.0 (Patch A)补丁后会影响io-audio权限。QNX也发布两个以下两个补丁,可导致错误的程序权限: - PhShutdown security patch - Package file system patch 系统中如下程序其权限为全局可读/写:
CVSS Information
N/A
Vulnerability Type
N/A