CVE-1999-0027

SGI IRIX - Buffer Overflow in Eject Command


Exploitation Summary

EIP tracks 3 public exploits for CVE-1999-0027. PoCs published by Last Stage of Delirium, DCRH, LSD-PLaNET.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the setuid root 'eject' program on IRIX 6.2. It overwrites the return address on the stack to execute arbitrary shellcode, achieving root privilege escalation.

Description

Root privileges via buffer overflow in eject command on SGI IRIX systems.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · clocalirix
https://www.exploit-db.com/exploits/19277

This exploit targets a buffer overflow vulnerability in the setuid root 'eject' program on IRIX 6.2. It overwrites the return address on the stack to execute arbitrary shellcode, achieving root privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IRIX 6.2 eject program
No auth needed
Prerequisites: Access to a system running IRIX 6.2 · The 'eject' program must be setuid root
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by DCRH · clocalirix
https://www.exploit-db.com/exploits/19276

This exploit leverages a stack-based buffer overflow in the setuid root `eject` program on IRIX 6.2 to overwrite the return address and execute arbitrary shellcode, granting root access. The PoC includes shellcode to spawn a shell and handles stack address calculation and NOP sled placement.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IRIX 6.2 eject program
No auth needed
Prerequisites: Access to a vulnerable IRIX 6.2 system · Ability to compile and execute the exploit binary
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by LSD-PLaNET · clocalirix
https://www.exploit-db.com/exploits/334

This exploit targets a buffer overflow vulnerability in the `eject` command on IRIX systems, allowing arbitrary code execution via shellcode injection. It uses NOP sleds and precise memory addressing to overwrite the return address and execute malicious payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IRIX eject command (version unspecified, likely IRIX 5.x/6.x)
No auth needed
Prerequisites: Access to a vulnerable IRIX system with the eject command · Ability to execute the compiled exploit binary
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0027

Scores

EPSS 0.0116
EPSS Percentile 62.9%

Details

CWE: CWE-119
Status: published
Products (1): sgi/irix
Published: Jul 16, 1997
Tracked Since: Feb 18, 2026