Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0040

8 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 60.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Bsdi BSD OS Freebsd Freebsd HP Hp-ux +7 more

Timeline

PublishedMay 1

Latest updateApr 30

Description

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages9 packages

▶NVDibm/aix3.2, 4.1, 4.2+2

▶NVDhp/hp-ux13 versions+12

▶NVDsgi/irix8 versions+7

▶NVDsun/sunos7 versions+6

▶NVDbsdi/bsd_os2.0, 2.0.1, 2.1+2

Also affects: Freebsd 1.1.5.1, 2.0

🔴Vulnerability Details

GHSA

GHSA-ggg5-x2fh-6pvx: Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges↗2022-04-30

▶

CVEList

CVE-1999-0040: Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1)↗1997-08-25

▶

Exploit-DB

BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3)↗1997-08-25

▶

Exploit-DB

BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)↗1997-08-25

▶

Exploit-DB

LibXt - 'XtAppInitialize()' Local Overflow *xterm↗1997-05-14

▶

Exploit-DB

Xt Library - Local Privilege Escalation↗1996-08-24

▶