QNX Affected

Notified: September 13, 2004 Updated: October 05, 2004

Status

Affected

Vendor Statement

A verified statement from the vendor is not available at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has received the following unconfirmed message from the vendor about this vulnerability:

Date Received: 10/04/2004 12:12:00 PM

This issue has been confirmed and does exist in QNX OS versions: 6.1.0, 6.1.0A, 6.2.0, 6.2.1, 6.2.1A, 6.2.1B, 6.3.0

pppoed is shipped by default setuid to root, so a local non-root user could gain root access by substituting a 'mount' command in their PATH which would be executed as root.

Workaround: Change pppoed permissions so that it is not setuid or don't allow unprivileged users access to the pppoed binary. The pppoed binary could also be removed if PPPoE services are not required on the system.

Patches: This issue has been fixed and the fix will be available with an upcoming QNX 6.3.0 patch release (Please refer to the release notes). Please contact your QNX representative regarding the availability of patches for earlier QNX releases. Patches or updates for QNX products can be obtained through QNX "myqnx" customer accounts. http://www.qnx.com/account/login.html
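
The two permission workarounds in the vendor message can be checked and applied with a short script. This is an added example, not code from CERT/CC or QNX; the function names are hypothetical, and the pppoed path is passed as an argument because the message does not give it.

```shell
#!/bin/sh
# Added example: check a setuid binary and apply one of the two permission
# workarounds from the vendor message. Pass the real pppoed location; the
# advisory does not give its path.

# Print: missing | not-setuid | setuid-restricted | setuid-exposed
audit_setuid() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # ls mode string, e.g. -rwsr-xr-x: column 7 is group execute,
    # column 10 is other execute (x, or s/t when combined with setgid/sticky).
    mode=$(ls -ld "$f" | cut -c1-10)
    gx=$(printf %s "$mode" | cut -c7)
    ox=$(printf %s "$mode" | cut -c10)
    case "$gx$ox" in
        *[xst]*) echo setuid-exposed ;;
        *)       echo setuid-restricted ;;
    esac
}

# strip: clear the setuid bit. restrict: leave it set but remove all
# group/other access (assumption: only the owner needs to run the daemon).
apply_workaround() {
    case $1 in
        strip)    chmod u-s "$2" ;;
        restrict) chmod go-rwx "$2" ;;
        *) echo "usage: apply_workaround strip|restrict FILE" >&2; return 2 ;;
    esac
}

# Stand-alone use: sh <this script> FILE [strip|restrict]
if [ $# -ge 1 ]; then
    echo "before: $(audit_setuid "$1")"
    if [ $# -ge 2 ]; then
        apply_workaround "$2" "$1" && echo "after: $(audit_setuid "$1")"
    fi
fi
```

Run it with only the file argument to audit without changing anything; re-run the audit after a patch or reinstall, since either may restore the default setuid permissions.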