CVE Details for CVE: CVE-2004-1391
Summary
Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:30 |
| Published | 31-12-2004 - 05:00 |
| Last modified | 11-07-2017 - 01:30 |
Vulnerable Configurations
-
cpe:2.3:a:qnx:rtos:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtos:6.1.0a:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.1.0a:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtos:6.2.1b:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.2.1b:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtos:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtp:6.1:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtp:6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtos:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qnx:rtos:6.2.1a:*:*:*:*:*:*:*
cpe:2.3:a:qnx:rtos:6.2.1a:*:*:*:*:*:*:*
CWE
CVSS
Base
4.6
Impact
6.4
Exploitability
3.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 11105 |
| cert-vn | VU#577566 |
| fulldisc | 20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities |
| misc | http://www.rfdslabs.com.br/qnx-advs-01-2004.txt |
| osvdb | 9661 |
| xf | qnx-rtp-mount-command-execute(17284) |