Vulnerability Description
Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnx | Rtos | 6.1.0 |
| Qnx | Rtp | 6.1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.htmlExploit
- http://www.kb.cert.org/vuls/id/577566Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/9661
- http://www.rfdslabs.com.br/qnx-advs-01-2004.txt
- http://www.securityfocus.com/bid/11105Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17284
- http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.htmlExploit
- http://www.kb.cert.org/vuls/id/577566Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/9661
- http://www.rfdslabs.com.br/qnx-advs-01-2004.txt
- http://www.securityfocus.com/bid/11105Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17284
FAQ
What is CVE-2004-1391?
CVE-2004-1391 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious m...
How severe is CVE-2004-1391?
CVE-2004-1391 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1391?
Check the references section above for vendor advisories and patch information. Affected products include: Qnx Rtos, Qnx Rtp.