Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0046

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

6.9%

top 8.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Bsdi BSD OS Debian Debian Linux Freebsd Freebsd +5 more

Timeline

PublishedFeb 6

Latest updateApr 30

Description

Buffer overflow of rlogin program using TERM environmental variable.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDibm/aix7 versions+6

▶NVDhp/hp-ux10 versions+9

▶NVDsun/sunos6 versions+5

▶NVDbsdi/bsd_os4 versions+3

▶NVDoracle/solaris4 versions+3

Also affects: Netbsd 1.0, 1.1, Freebsd 1.1.5.1, 2.0, 2.0.5, 2.1.0, 2.1.5, Debian Linux 0.93

🔴Vulnerability Details

GHSA

GHSA-j4jr-qcgh-mgmc: Buffer overflow of rlogin program using TERM environmental variable↗2022-04-30

▶

CVEList

CVE-1999-0046: Buffer overflow of rlogin program using TERM environmental variable↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Local Privilege Escalati↗1996-12-04

▶