AIX Libodm ODMPATH exploit

This module exploits a vulnerability in the processing of the ODMPATH environment variable within the odm_searchpath() function. This function reads the ODMPATH variable from the user provided environment, and then copies it into a fixed sized stack buffer without properly validating its length. This results in a stack-based buffer overflow, and allows the saved return address to be overwritten allowing the execution of arbitrary code with root privileges.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Wednesday, October 3, 2007 - 19:00