<<< Date Index >>>     <<< Thread Index >>>

QNX 4.25 suided dhcp.client binary



Hello all,

I recently got a QNX 4.25 vmware image and i found that the dhcp.client shipped
with it is suided.

This obviously enables a normal user to control the NIC's configuration and
produce some other attacks (eg: if the system has some services which depend on
'host/ip based' authentication [NFS,NIS,rlogin, etc]).

Some vmware screenshots are available at:
http://lms.ispgaya.pt/goodies/qnx/

I havent got access to other QNX installations so, allthough the person who gave
me the image said the binary wasnt changed, can anybody else confirm this?

Best regards,
+---------------------------------
| Luís Miguel Ferreira da Silva
| Unidade de Qualidade e Segurança
| Centro de Informática
| Professor Correia Araújo
| Faculdade de Engenharia da
| Universidade do Porto

Attachment: binL4u6BNfuQo.bin
Description: PGP Public Key