CVE-2003-0089

HP-UX B.11.00 and B.11.11 - Buffer Overflow via LANG Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0089. PoCs published by watercloud.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in HP-UX Software Distributor utilities (swinstall/swverify) to achieve local privilege escalation. It uses a crafted environment variable (LANG) to overflow the buffer and execute shellcode, granting a root shell.

Description

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

Exploits (1)

exploitdb WORKING POC VERIFIED

by watercloud · clocalhp-ux

https://www.exploit-db.com/exploits/23343

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in HP-UX Software Distributor utilities (swinstall/swverify) to achieve local privilege escalation. It uses a crafted environment variable (LANG) to overflow the buffer and execute shellcode, granting a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: HP-UX Software Distributor (swinstall/swverify) on HP-UX 11.11/11.0

No auth needed

Prerequisites: Local access to the target HP-UX system · Presence of vulnerable swinstall or swverify utilities

MITRE ATT&CK