CVE-2007-1189

Alcatel-Lucent Bell Labs Plan 9 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1189. PoCs published by Don Bailey.

AI-analyzed exploit summary This exploit leverages a Plan 9 kernel vulnerability (CVE-2007-1189) to overwrite specific kernel addresses, allowing privilege escalation by manipulating the hostowner file and stealing credentials. It requires precise kernel address knowledge and is highly system-specific.

Description

Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Don Bailey · clocalplan9

https://www.exploit-db.com/exploits/3383

View Code ZIP pw:eip

This exploit leverages a Plan 9 kernel vulnerability (CVE-2007-1189) to overwrite specific kernel addresses, allowing privilege escalation by manipulating the hostowner file and stealing credentials. It requires precise kernel address knowledge and is highly system-specific.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Plan 9 kernel (specific versions affected by CVE-2007-1189)

No auth needed

Prerequisites: Knowledge of target kernel addresses · Access to Plan 9 system with vulnerable kernel · Ability to execute code on the target system

MITRE ATT&CK