← CVECheck
HomeVulnerabilities

CVE-2002-2040 — HIGH severity vulnerability (The (1) phrafx and (2) phgrafx-startup programs in QNX realt)

The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.

CVE IDCVE-2002-2040
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionThe (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →