CVE-1999-0064

IBM AIX - Buffer Overflow in lquerylv Program

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0064. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the `lquerylv` program, leveraging shellcode to execute `/bin/sh`. It manipulates environment variables to trigger the overflow and achieve remote code execution.

Description

Buffer overflow in AIX lquerylv program gives root access to local users.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · clocalaix

https://www.exploit-db.com/exploits/335

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the `lquerylv` program, leveraging shellcode to execute `/bin/sh`. It manipulates environment variables to trigger the overflow and achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: lquerylv (version unspecified, likely older AIX or Linux systems)

No auth needed

Prerequisites: Presence of vulnerable `lquerylv` binary · Ability to execute the binary with crafted environment variables

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List x_refsource_misc

https://marc.info/?l=bugtraq&m=87602167418428&w=2

Scores

EPSS 0.0075

EPSS Percentile 49.9%

Details

Status published

Products (10)

ibm/aix 3.2

ibm/aix 3.2.4

ibm/aix 3.2.5

ibm/aix 4.1

ibm/aix 4.1.1

ibm/aix 4.1.2

ibm/aix 4.1.3

ibm/aix 4.1.4

ibm/aix 4.1.5

ibm/aix 4.2

Published May 26, 1997

Tracked Since Feb 18, 2026