CVE-2006-4124

LessTif <0.95.0 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4124. PoCs published by Karol Wiesek.

AI-analyzed exploit summary: This exploit leverages a vulnerability in mtink to achieve local privilege escalation by preloading a malicious shared library via /etc/ld.so.preload. The library hooks into the initialization process to spawn a root shell if the effective UID is root while the real UID is not.

Description

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Karol Wiesek · bash · local · linux
https://www.exploit-db.com/exploits/2144

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: mtink (version not specified)
No auth needed
Prerequisites: Local access to the system · mtink installed · GCC and ld tools available
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2144
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19430
Exploit, Vendor Advisory x_refsource_misc
http://karol.wiesek.pl/files/lesstif-advisory.pdf
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3230
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21428
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28298

Scores

EPSS 0.0045
EPSS Percentile 35.7%

Details

Status published
Products (2)
lesstif/lesstif 0.93.94
lesstif/lesstif < 0.95.0
Published Aug 14, 2006
Tracked Since Feb 18, 2026