CVE-2014-3977

IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3977. PoCs published by Portcullis.

AI-analyzed exploit summary The exploit demonstrates a privilege escalation vulnerability in IBM AIX by leveraging a race condition in libodm. It creates a symlink to a target file (e.g., /etc/pwned) and exploits a time-of-check, time-of-use (TOCTOU) race to achieve arbitrary file writes with elevated privileges.

Description

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Portcullis · textlocalaix

https://www.exploit-db.com/exploits/33725

View Code ZIP pw:eip

The exploit demonstrates a privilege escalation vulnerability in IBM AIX by leveraging a race condition in libodm. It creates a symlink to a target file (e.g., /etc/pwned) and exploits a time-of-check, time-of-use (TOCTOU) race to achieve arbitrary file writes with elevated privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: IBM AIX 6.1.8 and later

No auth needed

Prerequisites: Access to a vulnerable IBM AIX system · Ability to execute arbitrary code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1040 - Network Sniffing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (12)

Core 12

Core References

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60312

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60314

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60299

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/93595

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030401

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60313

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/33725

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60303

Various Sources vendor-advisory x_refsource_aixapar

http://www.ibm.com/support/docview.wss?uid=isg1IV60311

Various Sources x_refsource_confirm

http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc

Various Sources x_refsource_misc

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/

Scores

EPSS 0.0087

EPSS Percentile 54.1%

Details

CWE

CWE-59

Status published

Products (18)

ibm/aix 6.1

ibm/aix 7.1

ibm/vios 2.2.0.10

ibm/vios 2.2.0.11

ibm/vios 2.2.0.12

ibm/vios 2.2.0.13

ibm/vios 2.2.1.0

ibm/vios 2.2.1.1

ibm/vios 2.2.1.3

ibm/vios 2.2.1.4 (2 CPE variants)

... and 8 more

Published Jun 08, 2014

Tracked Since Feb 18, 2026