|
|
| |
| QNX Photon has a clipboard feature that enables you to cut and paste amongst other things. It has a security issue that allows anyone to access what is on the clipboard. |
| |
Credit:
The information has been provided by One Semicolon.
|
| |
Vulnerable systems:
* QNX 6.2.0 Non-commercial (x86)
/var/clipboard/localhost/00000000/1.TEXT holds the information you cut or copied. The name localhost may be different depending on the hostname of the system QNX Photon is installed on. The 00000000 signifies the user ID in hex. By changing this value, you can change whose information you see.
Vendor status:
QNX Software Systems Ltd was contacted on November 11, 2002. One Semicolon received prompt replies and was assured that this was being sent through the proper channels to have this resolved. One Semicolon was unable to receive a preliminary patch or an estimate as to how long this process would take.
Fix:
Adjust permissions of the separate user folders within /var/clipboard/localhost to only allow an individual to access their own clipboard.
|
|
|
|
|
|
|
|
