CVE-1999-0003

Tritreal Ted Cde - Buffer Overflow

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0003. PoCs published by NAI research team.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in the ToolTalk database server (rpc.ttdbserverd) to achieve remote code execution as root. It includes shellcode for spawning a shell and is designed for multiple IRIX versions.

Description

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

Exploits (2)

exploitdb WORKING POC VERIFIED
by NAI research team · cremoteunix
https://www.exploit-db.com/exploits/19102

This exploit targets a stack-based buffer overflow in the ToolTalk database server (rpc.ttdbserverd) to achieve remote code execution as root. It includes shellcode for spawning a shell and is designed for multiple IRIX versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: rpc.ttdbserverd (ToolTalk database server) on IRIX 5.2, 5.3, 6.2, 6.3, 6.4, 6.5, 6.5.2
No auth needed
Prerequisites: Network access to the target host · ToolTalk service (rpc.ttdbserverd) running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by NAI research team · cremoteunix
https://www.exploit-db.com/exploits/19101

This exploit targets a stack-based buffer overflow in the ToolTalk database server (rpc.ttdbserverd) to achieve remote code execution as root. It includes platform-specific shellcode for Solaris, HP-UX, and Irix, leveraging RPC to overflow an automatic variable and hijack control flow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ToolTalk rpc.ttdbserverd (CDE/OpenWindows)
No auth needed
Prerequisites: Network access to vulnerable rpc.ttdbserverd service · Target platform must be Solaris, HP-UX, or Irix
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/122
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX

Scores

EPSS 0.2438
EPSS Percentile 97.6%

Details

Status published
Products (31)
hp/hp-ux 10.01
hp/hp-ux 10.02
hp/hp-ux 10.03
hp/hp-ux 11.00
ibm/aix 4.1
ibm/aix 4.1.1
ibm/aix 4.1.2
ibm/aix 4.1.3
ibm/aix 4.1.4
ibm/aix 4.1.5
... and 21 more
Published Apr 01, 1998
Tracked Since Feb 18, 2026