QNX RTOS "dhcp.client" File Permission Weakness

Submitted by newsagent on

lms has reported a weakness in QNX RTOS, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

The weakness is caused due to the "dhcp.client" program having suid root permissions. This can be exploited by malicious users to change the assigned IP addresses of network interfaces, potentially causing a DoS.

The weakness has been reported in version 4.25. Other versions may also be affected.

Solution:
Remove the suid bit from "dhcp.client".

Provided and/or discovered by: lms
Secunia Advisory: SA17870
Release Date: 2005-12-09
URL: http://secunia.com/advisories/17870/