VYPR
Unrated severityNVD Advisory· Published Oct 18, 2011· Updated Jun 16, 2026

CVE-2011-4060

CVE-2011-4060

Description

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QNX/Neutrino Rtos2 versions
    cpe:2.3:o:qnx:neutrino_rtos:6.5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:qnx:neutrino_rtos:6.5.0:*:*:*:*:*:*:*
    • (no CPE)range: 6.5.0 before Service Pack 1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.