CVE-1999-0046

BSD/OS - Buffer Overflow via TERM Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0046. PoCs published by Roger Espel Llima.

AI-analyzed exploit summary This exploit targets a buffer overflow in the SUID rlogin program on IRIX systems by manipulating the TERM environment variable. It uses shellcode to spawn a root shell by overflowing the buffer with carefully crafted NOP sleds and return addresses.

Description

Buffer overflow of rlogin program using TERM environmental variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roger Espel Llima · clocalunix

https://www.exploit-db.com/exploits/19203

View Code ZIP pw:eip

This exploit targets a buffer overflow in the SUID rlogin program on IRIX systems by manipulating the TERM environment variable. It uses shellcode to spawn a root shell by overflowing the buffer with carefully crafted NOP sleds and return addresses.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: rlogin on IRIX 5.2, 5.3, 6.2, 6.3

No auth needed

Prerequisites: Access to a vulnerable IRIX system with rlogin installed · rlogin must be SUID root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046

Scores

EPSS 0.5281

EPSS Percentile 98.8%

Details

CWE

CWE-120

Status published

Products (42)

bsdi/bsd_os 1.1

bsdi/bsd_os 2.0

bsdi/bsd_os 2.0.1

bsdi/bsd_os 2.1

debian/debian_linux 0.93

digital/ultrix

freebsd/freebsd 1.1.5.1

freebsd/freebsd 2.0

freebsd/freebsd 2.0.5

freebsd/freebsd 2.1.0

... and 32 more

Published Feb 06, 1997

Tracked Since Feb 18, 2026