VULHUB ™

AIX ships with a diagnostic reporting utility called 'diagrpt'. This utility is installed setuid root by default. When 'diagrpt' executes, it relies on an environment variable to locate another utility which it executes. This utility is executed by 'diagrpt' as root. An attacker can gain root privileges by having 'diagrpt' execute a malicious program of the same name in a directory under their control.

AIX ships with a diagnostic reporting utility called 'diagrpt'. This utility is installed setuid root by default. When 'diagrpt' executes, it relies on an environment variable to locate another utility which it executes. This utility is executed by 'diagrpt' as root. An attacker can gain root privileges by having 'diagrpt' execute a malicious program of the same name in a directory under their control.