Hello all,
I recently got a QNX 4.25 vmware image and i found that the dhcp.client shipped
with it is suided.
This obviously enables a normal user to control the NIC's configuration and
produce some other attacks (eg: if the system has some services which depend on
'host/ip based' authentication [NFS,NIS,rlogin, etc]).
Some vmware screenshots are available at:
http://lms.ispgaya.pt/goodies/qnx/
I havent got access to other QNX installations so, allthough the person who gave
me the image said the binary wasnt changed, can anybody else confirm this?
Best regards,
+---------------------------------
| Luís Miguel Ferreira da Silva
| Unidade de Qualidade e Segurança
| Centro de Informática
| Professor Correia Araújo
| Faculdade de Engenharia da
| Universidade do Porto
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 03 2005
Intro
