Full title: IBM AIX 7.2 inscout Privilege Escalation Exploit Category: local exploits Platform: aix This Metasploit module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to command injection with effective-uid root privileges. This module has been tested successfully on AIX 7.2. # 0day.today @ http://0day.today/