CVE-2006-5558

HP-UX B.11.11 - Local Format String Vulnerability via swask -s Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5558. PoCs published by prdelka.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in the HP-UX 'swask' utility (setuid root) via the '-s' argument to achieve local privilege escalation. It uses a two-step approach: first to leak memory addresses and then to overwrite a target address with shellcode execution.

Description

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · clocalhp-ux

https://www.exploit-db.com/exploits/2635

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in the HP-UX 'swask' utility (setuid root) via the '-s' argument to achieve local privilege escalation. It uses a two-step approach: first to leak memory addresses and then to overwrite a target address with shellcode execution.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: HP-UX swask (B.11.11)

No auth needed

Prerequisites: Local access to HP-UX system with vulnerable swask binary · swask must be setuid root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://blogs.23.nu/prdelka/stories/13144/

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20726

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2635

Scores

EPSS 0.0723

EPSS Percentile 93.5%

Details

Status published

Products (4)

hp/hp-ux 11.00

hp/hp-ux 11.4

hp/hp-ux 11.11

hp/hp-ux 11.23

Published Oct 27, 2006

Tracked Since Feb 18, 2026