CVE-2006-0177
Cray UNICOS 9.0.2.2 - Local Privilege Escalation via Long Command Line Argument or File Line
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-0177. PoCs published by Micheal Turner.
AI-analyzed exploit summary: This exploit demonstrates a local buffer overflow in Cray UNICOS's `/usr/bin/script` utility due to insufficient bounds checking of command-line parameters. The PoC uses a Perl one-liner to generate a long string of 'A's, which triggers the overflow and can lead to arbitrary code execution with superuser privileges.
Description
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.
Exploits (2)
This exploit demonstrates a local buffer overflow in Cray UNICOS's `/usr/bin/script` utility due to insufficient bounds checking of command-line parameters. The PoC uses a Perl one-liner to generate a long string of 'A's, which triggers the overflow and can lead to arbitrary code execution with superuser privileges.
This exploit leverages a buffer overflow in Cray UNICOS utilities with setuid-superuser privileges by injecting a large payload into a script file executed by '/etc/nu'. The overflow occurs due to insufficient bounds checking of command line parameters.