https://www.exploit-db.com/exploits/26195
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-307

QNXRTOS是嵌入式设备的微内核操作系统，inputtrap是QNX中用于检测和启动输入管理器的工具。inputtrap中的’-t’标签用于指定将要读取的trap文件。由于错误的权限检查，除了拥有’start’标签的文件外用户还可以管理访问磁盘中的任意文件。

source: http://www.securityfocus.com/bid/14656/info

QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions.

This vulnerability allows local malicious users to gain access to the contents of arbitrary files with superuser privileges, aiding them in further attacks.

QNX RTOS versions 6.1 and 6.3 are affected by this issue. Other versions are also likely affected. This issue is similar to the one described in BID 4901. 

inputtrap -t /etc/shadow start

来源:XF
名称:qnx-inputtrap-obtain-information(21969)
链接:http://xforce.iss.net/xforce/xfdb/21969
来源:BID
名称:14656
链接:http://www.securityfocus.com/bid/14656
来源:MISC
链接:http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt
来源:SECUNIA
名称:16569
链接:http://secunia.com/advisories/16569/
来源:BUGTRAQ
名称:20050824[RLSA_01-2005]QNXinputtraparbitraryfilereadvulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112490406301882&w;=2