CVE-1999-0036

HIGH

IRIX - Unrestricted File Upload via Login Program LOCKOUT Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0036. PoCs published by David Hedley.

AI-analyzed exploit summary: This exploit targets a buffer overflow in the /bin/login program on Silicon Graphics Irix systems. It leverages the -h option to overflow the log buffer, allowing local privilege escalation to root by executing shellcode.

Description

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

Exploits (2)

exploitdb WORKING POC VERIFIED
by David Hedley · clocalirix
https://www.exploit-db.com/exploits/19310

This exploit targets a buffer overflow in the /bin/login program on Silicon Graphics Irix systems. It leverages the -h option to overflow the log buffer, allowing local privilege escalation to root by executing shellcode.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Silicon Graphics Irix /bin/login (versions 5.3, 6.2, 6.3)
No auth needed
Prerequisites: Local access to the target system · Compilation with appropriate flags for the target Irix version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by David Hedley · clocalirix
https://www.exploit-db.com/exploits/336

This exploit targets a buffer overflow vulnerability in /bin/login on Irix systems (versions 5.x and 6.x). It uses a stack-based overflow with NOP sleds and shellcode to execute arbitrary commands, specifically spawning a shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: /bin/login on Irix 5.x and 6.x
No auth needed
Prerequisites: Access to the target system's login prompt · Ability to compile and execute the exploit on the target architecture
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/990
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/h-106.shtml
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/557

Scores

CVSS v3: 8.4
EPSS: 0.0141
EPSS Percentile: 69.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (8)
sgi/irix 5.1
sgi/irix 5.2
sgi/irix 5.3
sgi/irix 6.0
sgi/irix 6.1
sgi/irix 6.2
sgi/irix 6.3
sgi/irix 6.4
Published: May 26, 1997
Tracked Since: Feb 18, 2026