CVE-2002-0793 : Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrit

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Published 2002-08-12 04:00:00

Updated 2024-01-26 17:18:47

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-0793

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0793

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2002-0793

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2002-0793

http://www.securityfocus.com/bid/4902

Broken Link;Exploit;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/9233

QNX RTOS Watcom sample utility could be used to overwrite arbitrary files undefined Vulnerability Report
Third Party Advisory;VDB Entry
http://www.iss.net/security_center/static/9231.php

Broken Link;Patch;Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html

Broken Link;Exploit;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/4904

Broken Link;Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/9234

QNX RTOS dumper utility symlink could be used to modify arbitrary files undefined Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/4901

Broken Link;Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/9232

QNX RTOS crttrap -c argument could be used to read arbitrary file contents undefined Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/4903

Broken Link;Third Party Advisory;VDB Entry

Products affected by CVE-2002-0793

Blackberry » Qnx Neutrino Real-time Operating System » Version: 4.25
cpe:2.3:o:blackberry:qnx_neutrino_real-time_operating_system:4.25:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0793

Exploit prediction scoring system (EPSS) score for CVE-2002-0793

CVSS scores for CVE-2002-0793

CWE ids for CVE-2002-0793

References for CVE-2002-0793

Products affected by CVE-2002-0793