CVE-2004-0544

IBM AIX 5.1-5.2 - Local Privilege Escalation via LVM putlvcb/getlvcb Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0544. PoCs published by mattox, watercloud.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the AIX `getlvcb` utility to achieve local privilege escalation to root. It constructs a malicious buffer with NOP sleds and shellcode to overwrite the return address and execute arbitrary code.

Description

Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mattox · clocalaix
https://www.exploit-db.com/exploits/23841

This exploit leverages a buffer overflow in the AIX `getlvcb` utility to achieve local privilege escalation to root. It constructs a malicious buffer with NOP sleds and shellcode to overwrite the return address and execute arbitrary code.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: AIX getlvcb (version not specified, likely AIX 5.1 or earlier)
Auth required
Prerequisites: System group privileges · Access to the target AIX system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by watercloud · perllocalaix
https://www.exploit-db.com/exploits/23840

This exploit targets a buffer overflow vulnerability in the `getlvcb` utility on AIX 4.3.3, allowing an attacker with `gid=0` to escalate privileges to `uid=0` (root). The exploit uses a crafted environment variable and shellcode to achieve arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: IBM AIX 4.3.3 (getlvcb utility)
Auth required
Prerequisites: System group privileges (gid=0) · Access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4392
Various Sources vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY55682
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9906
Various Sources vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY55681
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11158/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18317
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9905
Patch, Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-131.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4393
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15555

Scores

EPSS 0.0122
EPSS Percentile 64.8%

Details

Status published
Products (3)
ibm/aix 4.3.3
ibm/aix 5.1
ibm/aix 5.2
Published Aug 06, 2004
Tracked Since Feb 18, 2026