Julio Cesar Fort has reported a vulnerability in QNX RTOS, which can be exploited by malicious, local users to disclose certain sensitive information.The vulnerability is caused due to the "inputtrap" command disclosing certain contents of the user-specified trapfile if an error is encountered when probing each device specified in the file. This can be exploited to disclose contents of the "/etc/shadow" file by specifying it as a trapfile.
Example:
inputtrap -t /etc/shadow start
The vulnerability has been reported in versions 6.1.0 and 6.3. Other versions may also be affected.
Solution:
Grant only trusted users access to affected systems.
Remove the suid bit from the "inputtrap" command.
Provided and/or discovered by:
Julio Cesar Fort
Original Advisory:
http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt