CVE-1999-0215

IRIX - Unauthenticated Arbitrary File Write via Routed

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0215. PoCs published by Rootshell.

AI-analyzed exploit summary This exploit targets a vulnerability in the routed daemon (CVE-1999-0215) by sending a spoofed RIP packet with the 'traceon' command to append debug output to an arbitrary file as root. It leverages the lack of file path validation in older versions of routed on systems like IRIX and Caldera OpenLinux.

Description

Routed allows attackers to append data to files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rootshell · cremoteirix
https://www.exploit-db.com/exploits/20805

This exploit targets a vulnerability in the routed daemon (CVE-1999-0215) by sending a spoofed RIP packet with the 'traceon' command to append debug output to an arbitrary file as root. It leverages the lack of file path validation in older versions of routed on systems like IRIX and Caldera OpenLinux.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: routed daemon (IRIX 3.x-6.4, Caldera OpenLinux 1.0-1.1)
No auth needed
Prerequisites: Network access to the target system · Ability to spoof RIP packets · Target system running vulnerable routed daemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/j-012.shtml

Scores

EPSS 0.0573
EPSS Percentile 92.1%

Details

Status published
Products (8)
sgi/irix 3
sgi/irix 4
sgi/irix 5
sgi/irix 6.0.1
sgi/irix 6.1
sgi/irix 6.2
sgi/irix 6.3
sgi/irix 6.4
Published Oct 26, 1998
Tracked Since Feb 18, 2026