Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0038

CWE-120 — Classic Buffer Overflow5 documents4 sources

Severity

8.4HIGH

EPSS

0.1%

top 68.48%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Bsdi BSD OS Data General DG UX Debian Debian Linux +5 more

Timeline

PublishedApr 26

Latest updateApr 30

Description

Buffer overflow in xlock program allows local users to execute commands as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages7 packages

▶NVDibm/aix3.2, 4.1, 4.2+2

▶NVDhp/hp-ux9 versions+8

▶NVDsgi/irix11 versions+10

▶NVDsun/sunos4 versions+3

▶NVDbsdi/bsd_os2.1

Also affects: Debian Linux 0.93, 1.1, 1.2, 1.3

🔴Vulnerability Details

GHSA

GHSA-gg52-28m4-mv74: Buffer overflow in xlock program allows local users to execute commands as root↗2022-04-30

▶

CVEList

CVE-1999-0038: Buffer overflow in xlock program allows local users to execute commands as root↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Local Privilege Escalation (2)↗1997-04-26

▶

Exploit-DB

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1)↗1997-04-26

▶