CVE-1999-0040

SGI IRIX - Buffer Overflow in Xt Library

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-1999-0040. PoCs published by jGgM, bloodmask, Ming Zhang.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in libXt (CVE-1999-0040) via xterm, using a crafted environment variable to execute arbitrary shellcode. The shellcode drops privileges (seteuid/setuid) and spawns a shell (/bin/sh).

Description

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Exploits (5)

exploitdb WORKING POC VERIFIED

by jGgM · clocalunix

https://www.exploit-db.com/exploits/19202

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in libXt (CVE-1999-0040) via xterm, using a crafted environment variable to execute arbitrary shellcode. The shellcode drops privileges (seteuid/setuid) and spawns a shell (/bin/sh).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: libXt (X Windows System) via xterm

No auth needed

Prerequisites: Vulnerable version of libXt linked to a setuid/setgid binary (e.g., xterm) · Ability to execute xterm with crafted arguments

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by jGgM · clocalunix

https://www.exploit-db.com/exploits/19201

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the libXt library (CVE-1999-0040) via the dtterm application. It constructs a malicious buffer with NOP sleds, shellcode, and a manipulated return address to achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: libXt (via dtterm)

No auth needed

Prerequisites: Presence of vulnerable libXt version · dtterm installed and accessible

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by bloodmask · clocalunix

https://www.exploit-db.com/exploits/19200

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in libXt (CVE-1999-0040) on IRIX systems. It crafts a malicious buffer with NOP sleds, shellcode, and return addresses to execute arbitrary code via vulnerable setuid/setgid X11 applications.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: libXt (X Windows System) on IRIX 5.2, 5.3, 6.2, 6.3

No auth needed

Prerequisites: Access to vulnerable IRIX system · Presence of vulnerable setuid/setgid X11 applications

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Ming Zhang · clocallinux

https://www.exploit-db.com/exploits/331

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in cxterm (CVE-1999-0040) by overflowing a buffer with NOP sleds and shellcode to execute arbitrary commands. It is designed for Linux systems, specifically tested on Slackware 3.1 and 3.2.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: cxterm (version not specified, likely older versions)

No auth needed

Prerequisites: cxterm installed on the target system · ability to execute the exploit binary on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by b0z0 bra1n · clocallinux

https://www.exploit-db.com/exploits/322

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in xterm (CVE-1999-0040) by injecting shellcode into the buffer and manipulating the return address to execute arbitrary code. The shellcode spawns a /bin/sh shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: xterm (version not specified, likely older versions)

No auth needed

Prerequisites: Vulnerable version of xterm installed · Ability to execute xterm with crafted arguments

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040

Scores

EPSS 0.0123

EPSS Percentile 64.9%

Details

Status published

Products (43)

bsdi/bsd_os 2.0

bsdi/bsd_os 2.0.1

bsdi/bsd_os 2.1

freebsd/freebsd 1.1.5.1

freebsd/freebsd 2.0

hp/hp-ux 9.00

hp/hp-ux 9.01

hp/hp-ux 9.10

hp/hp-ux 10.00

hp/hp-ux 10.01

... and 33 more

Published May 01, 1997

Tracked Since Feb 18, 2026