CVE-1999-0125

SGI IRIX - Buffer Overflow in mailx

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0125. PoCs published by segv, Alvaro Martinez Echevarria.

AI-analyzed exploit summary This exploit leverages a buffer overflow in /bin/mailx to execute arbitrary code, allowing an attacker to read files accessible by the 'mail' group. The PoC requires setting the SHELL environment variable to invoke the exploit.

Description

Buffer overflow in SGI IRIX mailx program.

Exploits (2)

exploitdb WORKING POC VERIFIED

by segv · clocallinux

https://www.exploit-db.com/exploits/19312

View Code ZIP pw:eip

This exploit leverages a buffer overflow in /bin/mailx to execute arbitrary code, allowing an attacker to read files accessible by the 'mail' group. The PoC requires setting the SHELL environment variable to invoke the exploit.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: /bin/mailx (BSD-derived systems)

No auth needed

Prerequisites: Access to a vulnerable system with /bin/mailx · Ability to set environment variables

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Alvaro Martinez Echevarria · clocallinux

https://www.exploit-db.com/exploits/19311

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the /bin/mailx program via the HOME environment variable to execute arbitrary shellcode, potentially gaining group 'mail' privileges. It uses a combination of NOP sleds and shellcode to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: mailx (BSD-derived versions)

No auth needed

Prerequisites: mailx installed setgid mail · vulnerable version of mailx

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX

Scores

EPSS 0.0115

EPSS Percentile 62.8%

Details

Status published

Products (11)

redhat/linux 4.2

sgi/irix 5.2

sgi/irix 5.3

sgi/irix 6.3

sun/solaris 2.4

sun/solaris 2.5

sun/solaris 2.5.1 (2 CPE variants)

sun/solaris 2.6

sun/sunos

sun/sunos 5.5

... and 1 more

Published Jan 25, 1998

Tracked Since Feb 18, 2026