Vulnerability Details : CVE-2002-0793
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
Exploit prediction scoring system (EPSS) score for CVE-2002-0793
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 %
CVSS scores for CVE-2002-0793
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 | NIST |
CWE ids for CVE-2002-0793
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-0793
- http://www.securityfocus.com/bid/4902
  Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9233
  QNX RTOS Watcom sample utility could be used to overwrite arbitrary files (Vulnerability Report)
  Third Party Advisory; VDB Entry
- http://www.iss.net/security_center/static/9231.php
  Broken Link; Patch; Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
  Broken Link; Exploit; Vendor Advisory
- http://www.securityfocus.com/bid/4904
  Broken Link; Third Party Advisory; VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9234
  QNX RTOS dumper utility symlink could be used to modify arbitrary files (Vulnerability Report)
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/4901
  Broken Link; Third Party Advisory; VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9232
  QNX RTOS crttrap -c argument could be used to read arbitrary file contents (Vulnerability Report)
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/4903
  Broken Link; Third Party Advisory; VDB Entry
Products affected by CVE-2002-0793
- cpe:2.3:o:blackberry:qnx_neutrino_real-time_operating_system:4.25:*:*:*:*:*:*:*