CVE-1999-0014
CDE - Unauthenticated Denial of Service via dtappgather Program
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-0014. PoCs published by Mastoras.
AI-analyzed exploit summary The exploit leverages improper ownership checks in the dtappgather utility to overwrite arbitrary files via symbolic link manipulation and environment variable abuse, leading to privilege escalation.
Description
Unauthorized privileged access or denial of service via dtappgather program in CDE.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mastoras · textlocalunix
https://www.exploit-db.com/exploits/19108
The exploit leverages improper ownership checks in the dtappgather utility to overwrite arbitrary files via symbolic link manipulation and environment variable abuse, leading to privilege escalation.
Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target:
Common Desktop Environment (CDE) dtappgather utility
Auth required
Prerequisites:
Local user access · Presence of dtappgather utility · Write access to /var/dt/appconfig/appmanager/
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Various Sources vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Vendor Advisory vendor-advisory
x_refsource_sun
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Scores
EPSS
0.0123
EPSS Percentile
65.4%
Details
Status
published
Products (13)
cde/cde
1.01
cde/cde
1.01_x86
cde/cde
1.02
cde/cde
1.2
cde/cde
1.02_x86
cde/cde
1.2_x86
hp/hp-ux
10.10
hp/hp-ux
10.20
hp/hp-ux
11.00
hp/vvos
10.24
... and 3 more
Published
Jan 21, 1998
Tracked Since
Feb 18, 2026