Description: Allows a locally authenticated user to obtain root-level privileges.
Versions Affected: AIX 6.1, 7.1, 7.2; VIOS 2.2.x
Researcher: Hector Monsegur (https://twitter.com/hxmonsegur)
Disclosure Link: https://rhinosecuritylabs.com/research/unix-nostalgia-aix-bug-hunting-part-2-bellmail-privilege-escalation-cve-2016-8972/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2016-8972
- Send mail to a non-existent user
- Within 60 seconds sendmail will bounce the email back
- Execute the bellmail binary
- While inside of the bellmail client, execute the following: w /etc/suid_profile (or 's')
./CVE-2016-8972.sh
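
A defender-side check for the file written in the last step above, added here as an example; it is not part of the original advisory or the proof-of-concept script. The function name, the default expected owner (uid 0) and the rule that a symlink or a group- or world-writable file is suspicious are assumptions.

```shell
#!/bin/sh
# Added example: audit the file named in the steps above.
# Usage: audit_suid_profile [path] [expected_owner_uid]
# Prints one verdict line; returns 0 for absent/ok, 1 for suspicious.
audit_suid_profile() {
    path=${1:-/etc/suid_profile}
    want_uid=${2:-0}    # assumption: a legitimate file is owned by root

    # Treat a dangling symlink as present, so test -L as well as -e.
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "absent: $path"
        return 0
    fi

    # ls -ln is used instead of stat(1), whose options differ across Unix flavours.
    info=$(ls -lnd "$path" | awk '{print $1, $3}')
    mode=${info% *}     # e.g. -rw-r--r--
    uid=${info#* }      # numeric owner

    case $mode in
        l*) echo "suspicious: $path is a symlink"; return 1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "suspicious: $path owned by uid $uid, expected $want_uid"
        return 1
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "suspicious: $path writable by group or other ($mode)"
        return 1
    fi

    echo "ok: $path ($mode, uid $uid)"
    return 0
}
# On the host being audited, call it with no arguments: audit_suid_profile
```
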