Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0023

4 documents4 sources
Severity
7.2HIGH
EPSS
0.8%
top 25.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
9
Freebsd FreebsdIBM AIXInet Inet+6 more
Timeline
PublishedJul 24
Latest updateApr 30

Description

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages8 packages

NVDibm/aix3.2, 4.1, 4.2+2
NVDinet/inet5.01, 6.01+1
NVDsun/sunos7 versions+6
NVDsco/tcp_ip1.2.0, 1.2.1+1
NVDsco/unixware2.0, 2.1+1

Also affects: Freebsd 2.0, 2.0.5, 2.1.0, 2.2

🔴Vulnerability Details

2
GHSA
GHSA-p5x8-wgxf-7w54: Local user gains root privileges via buffer overflow in rdist, via lookup() function2022-04-30
CVEList
CVE-1999-0023: Local user gains root privileges via buffer overflow in rdist, via lookup() function1999-09-29

💥Exploits & PoCs

1
Exploit-DB
BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun1996-07-03