Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: One Semicolon (s_at_4os.org)
Date: Mon Nov 18 2002 - 21:46:00 CST
TOPIC: Clipboard in QNX Photon
ADVISORY NR: 200201
DATE: Nov 13 2002
VULNERABILITY FOUND BY: 1; (One Semicolon)
STATUS: QNX Software Systems Ltd was contacted on November 11, 2002.
I received prompt replies and was assured that this was being sent through
the proper channels to have this resolved. I was unable to receive a
preliminary patch or a estimate as to how long this process would take.
QNX Photon has a clipboard feature that enables you to cut and paste amongst
other things. It has a security issue that allows anyone to access what
/var/clipboard/localhost/00000000/1.TEXT holds the information you cut or
copied. The name localhost may be different depending on the hostname of the
system QNX Photon is installed on.
The 00000000 signifies the user ID in hex. By changing this value, you can
change whose information you see.
1.TEXT holds the information.
QNX 6.2.0 Non-commercial edition on a x86 architecture was used. All patches
and updates were applied at the time of writing.
Adjust permissions of the seperate user folders within
/var/clipboard/localhost to only allow a individual to access their own