QNX FIle Read Vulnerability

From: teknophreak (killbill1at_private)
Date: Sat Apr 21 2001 - 00:59:32 PDT

Next message: T. Barrick: "Re: strange script in HTML format mail."

Previous message: Golden_Eternity: "Re: strange script in HTML format mail."
Next in thread: Tom Vier: "Re: QNX FIle Read Vulnerability"
Reply: Tom Vier: "Re: QNX FIle Read Vulnerability"
Reply: Alexander Pavlovic: "Re: QNX FIle Read Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

QNX 2.4 FILE READ VULNERBILITY
------------------------------------------
BY: Teknophreak (klllbill1at_private)

QNX 2.4 is a mini-linux based Operating System which can be downloaded for free at www.qnx.com. QNX 2.4 is made to install on a FAT partition. A vulnerabilty exist which allows
you to read any file on the system.

example:

$ more /etc/shadow
Permission Denied

if you try to view a file which you don't have read access to, DUH! you wont be able
to read it.
Well, If you find out where the FAT filesystem is mounted usually /fs-dos then you
can do this.

$ more /fs-dos/linux/etc/shadow
					
then....
booyah!
you can read a file you won't be able to read under normal circumstances.

Next message: T. Barrick: "Re: strange script in HTML format mail."
Previous message: Golden_Eternity: "Re: strange script in HTML format mail."
Next in thread: Tom Vier: "Re: QNX FIle Read Vulnerability"
Reply: Tom Vier: "Re: QNX FIle Read Vulnerability"
Reply: Alexander Pavlovic: "Re: QNX FIle Read Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Apr 21 2001 - 15:19:49 PDT