VULHUB ™

It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is very probable that this is a kernel-based vulnerability affecting not only 'su', but other setuid programs as well

It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is very probable that this is a kernel-based vulnerability affecting not only 'su', but other setuid programs as well