CVE-2009-1786
IBM AIX 5.3 and 6.1 - Arbitrary File Creation or Overwrite via MALLOCDEBUG Log File Symlink
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2009-1786. PoCs published by Affix, inking.
AI-analyzed exploit summary: This exploit leverages a vulnerability in IBM AIX's libc MALLOCDEBUG feature to overwrite arbitrary files with elevated permissions. By setting specific environment variables, an attacker can create or overwrite files with 777 permissions when a setuid root binary is executed.
Description
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
Exploits (2)
This exploit leverages a vulnerability in IBM AIX's libc MALLOCDEBUG feature to overwrite arbitrary files with elevated permissions. By setting specific environment variables, an attacker can create or overwrite files with 777 permissions when a setuid root binary is executed.
This exploit leverages a cross-site scripting (XSS) vulnerability in Kingsoft Internet Security 9's WebShield feature to execute arbitrary commands. The payload is URL-encoded and triggers a JavaScript `CallCFunc` method to execute a system command via `calc.exe`.