CVE-2016-3053

HIGH

IBM AIX - Authenticated Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3053. PoCs published by Hector X. Monsegur.

AI-analyzed exploit summary: This exploit leverages a vulnerability in IBM AIX's lsmcode utility to escalate privileges to root by manipulating environment variables to create a suid_profile file, which is then used to copy and modify a shell binary with root ownership and setuid permissions.

Description

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hector X. Monsegur · bash · local · aix
https://www.exploit-db.com/exploits/40709


Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IBM AIX 6.1/7.1/7.2.0.2
No auth needed
Prerequisites: Access to a vulnerable AIX system · lsmcode utility must be executable
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93605
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40709/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037030

Scores

CVSS v3 7.8
EPSS 0.0247
EPSS Percentile 82.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (50)
ibm/aix
IBM Corporation/AIX 1.2.1
IBM Corporation/AIX 1.3
IBM Corporation/AIX 2.2.1
IBM Corporation/AIX 3.1
IBM Corporation/AIX 3.2
IBM Corporation/AIX 3.2.0
IBM Corporation/AIX 3.2.4
IBM Corporation/AIX 3.2.5
IBM Corporation/AIX 3.4
... and 40 more
Published Feb 01, 2017
Tracked Since Feb 18, 2026