AIX Libodm ODMPATH exploit

This module exploits a vulnerability in the processing of the ODMPATH environment variable within the odm_searchpath() function. This function reads the ODMPATH variable from the user provided environment, and then copies it into a fixed sized stack buffer without properly validating its length. This results in a stack-based buffer overflow, and allows the saved return address to be overwritten allowing the execution of arbitrary code with root privileges.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Thursday, October 4, 2007 - 00:00