Hello all, I recently got a QNX 4.25 vmware image and i found that the dhcp.client shipped with it is suided. This obviously enables a normal user to control the NIC's configuration and produce some other attacks (eg: if the system has some services which depend on 'host/ip based' authentication [NFS,NIS,rlogin, etc]). Some vmware screenshots are available at: http://lms.ispgaya.pt/goodies/qnx/ I havent got access to other QNX installations so, allthough the person who gave me the image said the binary wasnt changed, can anybody else confirm this? Best regards, +--------------------------------- | Luís Miguel Ferreira da Silva | Unidade de Qualidade e Segurança | Centro de Informática | Professor Correia Araújo | Faculdade de Engenharia da | Universidade do Porto
Attachment:
binL4u6BNfuQo.bin
Description: PGP Public Key