CVE-1999-0906
published 1999-09-23CVE-1999-0906: Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
PriorityP425high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.80%
51.9th percentile
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| suse | suse_linux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
CAPEC
Buffer Overflow via Environment Variables
mitre_capec
[HIGH] Buffer Overflow via Environment Variables
CAPEC-10: Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Execution Flow:
Step 1 [Explore]: [Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer.
Step 2 [Experiment]: [Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.
Technique: Chang
1999-09-23
Published