CVE-2010-4236

IBM OmniFind EE <9.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4236. PoCs published by Fatih Kilic.

AI-analyzed exploit summary: This exploit leverages two SUID binaries (`esRunCommand` and `estaskwrapper`) in IBM software to escalate privileges to root. The `esRunCommand` directly executes commands as root, while `estaskwrapper` can be tricked into executing a malicious binary named `estasklight` via environment variable manipulation.

Description

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.

Exploits (1)

exploitdb WORKING POC
by Fatih Kilic · text · local · multiple
https://www.exploit-db.com/exploits/15475

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: IBM software (specific version not mentioned)
No auth needed
Prerequisites: Access to the system with the vulnerable IBM software installed; presence of SUID binaries `/opt/IBM/es/bin/esRunCommand` and `/opt/IBM/es/bin/estaskwrapper`
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514688/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15475
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44740
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0089
EPSS Percentile 54.8%

Details

Status published
Products (5)
ibm/omnifind 6.1
ibm/omnifind 8.0
ibm/omnifind 8.4
ibm/omnifind 8.5
ibm/omnifind < 9.0
Published Nov 12, 2010
Tracked Since Feb 18, 2026