OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: teknophreak (killbill1JUNO.COM)
Date: Sat Apr 21 2001 - 02:59:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    QNX 2.4 FILE READ VULNERBILITY
    ------------------------------------------
    BY: Teknophreak (klllbill1juno.com)

    QNX 2.4 is a mini-linux based Operating System which can be downloaded for free at www.qnx.com. QNX 2.4 is made to install on a FAT partition. A vulnerabilty exist which allows
    you to read any file on the system.

    example:

    $ more /etc/shadow
    Permission Denied

    if you try to view a file which you don't have read access to, DUH! you wont be able
    to read it.
    Well, If you find out where the FAT filesystem is mounted usually /fs-dos then you
    can do this.

    $ more /fs-dos/linux/etc/shadow
                                            
    then....
    booyah!
    you can read a file you won't be able to read under normal circumstances.