CVE-2011-4834

HP Application Lifestyle Management 11 - Privilege Escalation via /tmp/tmp.txt Symlink Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4834. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in HP Application Lifestyle Management by injecting a command into a configuration file, which is then executed as root when a vulnerable function is called. The PoC uses a named pipe to block and inject the malicious payload.

Description

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · bashlocallinux

https://www.exploit-db.com/exploits/36430

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in HP Application Lifestyle Management by injecting a command into a configuration file, which is then executed as root when a vulnerable function is called. The PoC uses a named pipe to block and inject the malicious payload.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: HP Application Lifestyle Management

Auth required

Prerequisites: Local access to the system · Ability to write to a specific file · Vulnerable function must be called by a privileged process

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47040

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/520783/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/71698

Scores

EPSS 0.0123

EPSS Percentile 65.0%

Details

CWE

CWE-264

Status published

Products (1)

hp/application_lifestyle_management 11

Published Dec 15, 2011

Tracked Since Feb 18, 2026