CVE-1999-0014

CDE - Unauthenticated Denial of Service via dtappgather Program

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0014. PoCs published by Mastoras.

AI-analyzed exploit summary The exploit leverages improper ownership checks in the dtappgather utility to overwrite arbitrary files via symbolic link manipulation and environment variable abuse, leading to privilege escalation.

Description

Unauthorized privileged access or denial of service via dtappgather program in CDE.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mastoras · textlocalunix
https://www.exploit-db.com/exploits/19108

The exploit leverages improper ownership checks in the dtappgather utility to overwrite arbitrary files via symbolic link manipulation and environment variable abuse, leading to privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Common Desktop Environment (CDE) dtappgather utility
Auth required
Prerequisites: Local user access · Presence of dtappgather utility · Write access to /var/dt/appconfig/appmanager/
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Vendor Advisory vendor-advisory x_refsource_sun
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185

Scores

EPSS 0.0123
EPSS Percentile 65.4%

Details

Status published
Products (13)
cde/cde 1.01
cde/cde 1.01_x86
cde/cde 1.02
cde/cde 1.2
cde/cde 1.02_x86
cde/cde 1.2_x86
hp/hp-ux 10.10
hp/hp-ux 10.20
hp/hp-ux 11.00
hp/vvos 10.24
... and 3 more
Published Jan 21, 1998
Tracked Since Feb 18, 2026