CVE-2002-2042

ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://online.securityfocus.com/archive/1/275218
http://www.iss.net/security_center/static/9260.php
http://www.securityfocus.com/bid/4919	Exploit
http://online.securityfocus.com/archive/1/275218
http://www.iss.net/security_center/static/9260.php
http://www.securityfocus.com/bid/4919	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qnx:rtos:4.25:::::::*
	cpe:2.3:a:qnx:rtos:6.1.0:::::::*

History

20 Nov 2024, 23:42

Type	Values Removed	Values Added
References	~~() http://online.securityfocus.com/archive/1/275218 -~~	() http://online.securityfocus.com/archive/1/275218 -
References	~~() http://www.iss.net/security_center/static/9260.php -~~	() http://www.iss.net/security_center/static/9260.php -
References	~~() http://www.securityfocus.com/bid/4919 - Exploit~~	() http://www.securityfocus.com/bid/4919 - Exploit

Information

Published : 2002-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-2042

Mitre link : CVE-2002-2042

CVE.ORG link : CVE-2002-2042

JSON object : View

Products Affected

qnx

rtos

CWE

NVD-CWE-Other

{"id": "CVE-2002-2042", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/275218", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9260.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4919", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/275218", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/9260.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/4919", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnx:rtos:4.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05ACD69-8EEF-4D6B-A825-92051DFE9C4D"}, {"criteria": "cpe:2.3:a:qnx:rtos:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C37EB0A5-8A16-42A1-B229-BB223AAF9AA7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10