Bugtraq mailing list archives
Clipboard in QNX Photon
From: One Semicolon <s () 4os org>
Date: Mon, 18 Nov 2002 21:46:00 -0600
TOPIC: Clipboard in QNX Photon ADVISORY NR: 200201 DATE: Nov 13 2002 VULNERABILITY FOUND BY: 1; (One Semicolon) CONTACT INFORMATION: http://www.4os.org s () 4os org STATUS: QNX Software Systems Ltd was contacted on November 11, 2002. I received prompt replies and was assured that this was being sent through the proper channels to have this resolved. I was unable to receive a preliminary patch or a estimate as to how long this process would take. DESCRIPTION QNX Photon has a clipboard feature that enables you to cut and paste amongstother things. It has a security issue that allows anyone to access what is on
the clipboard. ISSUE /var/clipboard/localhost/00000000/1.TEXT holds the information you cut or copied. The name localhost may be different depending on the hostname of the system QNX Photon is installed on. The 00000000 signifies the user ID in hex. By changing this value, you can change whose information you see. 1.TEXT holds the information. SYSTEM INFORMATION: QNX 6.2.0 Non-commercial edition on a x86 architecture was used. All patches and updates were applied at the time of writing. FIX Adjust permissions of the seperate user folders within /var/clipboard/localhost to only allow a individual to access their own clipboard.
Current thread:
- Clipboard in QNX Photon One Semicolon (Nov 23)