iDEFENSE just released iDEFENSE Security Advisory 11.08.02b, in which it disclosed the Non-Explicit Path Vulnerability in QNX Neutrino RTOS. Because a setuid root application packager within QNX executes external applications without using their full paths, local attackers can potentially obtain root privileges. Exploit code is also published in the advisory.
QNX 6.2.1, which is slated for release in January 2003, should fix this vulnerability.
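The defensive pattern for this class of bug, as an added example that is not code from the advisory or from QNX: a privileged program launches helpers only by absolute path, checks that the binary is root-owned and not writable by others, and passes a fixed environment instead of the caller's. The function names, the error codes and the `/bin/true` helper are hypothetical choices for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { HELPER_OK = 0, HELPER_NOT_ABSOLUTE = -1, HELPER_MISSING = -2, HELPER_UNTRUSTED = -3, HELPER_FAILED = -4 };

/* Decide whether a helper binary may be launched from privileged code. */
int check_helper_path(const char *path)
{
    struct stat st;
    /* A bare or relative name would be resolved via the caller's PATH or cwd. */
    if (path == NULL || path[0] != '/')
        return HELPER_NOT_ABSOLUTE;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return HELPER_MISSING;
    /* Require a root-owned file that group and others cannot modify. */
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
        return HELPER_UNTRUSTED;
    return HELPER_OK;
}

/* Run a helper by full path; returns its exit status or a negative error code. */
int run_helper(const char *path, char *const argv[])
{
    /* Constructed fixed environment: nothing is inherited from the invoking user. */
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    int status, rc = check_helper_path(path);
    pid_t pid;
    if (rc != HELPER_OK)
        return rc;
    pid = fork();
    if (pid < 0)
        return HELPER_FAILED;
    if (pid == 0) {
        execve(path, argv, clean_env);   /* execve() never searches PATH */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return HELPER_FAILED;
    return WIFEXITED(status) ? WEXITSTATUS(status) : HELPER_FAILED;
}

int main(void)
{
    char *args[] = { "true", NULL };
    printf("bare name: %d, full path: %d\n", run_helper("true", args), run_helper("/bin/true", args));
    return 0;
}
```

The check covers the binary itself only; the directories leading to it also need to be writable by root alone.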