CVE-1999-0069

HIGH

Sunos - Memory Corruption

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0069. PoCs published by Cheez Whiz, smm.

AI-analyzed exploit summary This exploit targets a buffer overflow in the setuid program /usr/lib/fs/ufs/ufsdump on Solaris 2.6 i386. It uses a crafted device name to overflow the buffer, execute shellcode, and escalate privileges to root.

Description

Solaris ufsrestore buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Cheez Whiz · clocalsolaris

https://www.exploit-db.com/exploits/19534

View Code ZIP pw:eip

This exploit targets a buffer overflow in the setuid program /usr/lib/fs/ufs/ufsdump on Solaris 2.6 i386. It uses a crafted device name to overflow the buffer, execute shellcode, and escalate privileges to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Solaris 2.6 i386 /usr/lib/fs/ufs/ufsdump

No auth needed

Prerequisites: Local access to the vulnerable Solaris system · Presence of the vulnerable /usr/lib/fs/ufs/ufsdump binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by smm · clocalsolaris

https://www.exploit-db.com/exploits/19533

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the setuid program /usr/lib/fs/ufs/ufsdump to gain elevated privileges (EGID=tty) by overflowing a buffer with a crafted payload containing shellcode. The exploit calculates the stack address dynamically and injects shellcode to spawn a shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ufsdump (Solaris)

No auth needed

Prerequisites: Local access to the vulnerable system · Presence of the vulnerable ufsdump binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_sun

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/8158

Scores

CVSS v3 8.4

EPSS 0.0140

EPSS Percentile 68.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119

Status published

Products (2)

sun/sunos 5.5

sun/sunos 5.5.1

Published Apr 29, 1998

Tracked Since Feb 18, 2026