Executive Summary

Informations
Name CVE-2002-0793 First vendor Publication 2002-08-12
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact High Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
12218 QNX RTOS Watcom Utility Arbitrary File Overwrite
12217 QNX RTOS crttrap -c Argument Arbitrary File Overwrite

QNX RTOS contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a local attacker uses the "crttrap -c" command, which will pontentially modify arbitrary files on the system.
12216 QNX RTOS dumper -d Argument Arbitrary File Overwrite
12215 QNX RTOS monitor -f Argument Arbitrary File Overwrite

Sources (Detail)

http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
http://www.iss.net/security_center/static/9231.php
http://www.securityfocus.com/bid/4901
http://www.securityfocus.com/bid/4902
http://www.securityfocus.com/bid/4903
http://www.securityfocus.com/bid/4904
https://exchange.xforce.ibmcloud.com/vulnerabilities/9232
https://exchange.xforce.ibmcloud.com/vulnerabilities/9233
https://exchange.xforce.ibmcloud.com/vulnerabilities/9234
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2024-11-28 23:23:52
  • Multiple Updates
2024-11-28 12:05:06
  • Multiple Updates
2024-01-26 21:28:13
  • Multiple Updates
2021-05-04 12:01:43
  • Multiple Updates
2021-04-22 01:01:51
  • Multiple Updates
2020-05-23 00:15:01
  • Multiple Updates
2017-07-11 12:01:10
  • Multiple Updates
2013-05-11 12:10:36
  • Multiple Updates