First published: Tue Oct 18 2011(Updated: )
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
QNX Neutrino RTOS | =6.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.