CVE-1999-0388

DataLynx suGuard - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0388. PoCs published by Dr. Mudge.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in DataLynx's suGuard program due to insecure /tmp usage and poor programming practices. It manipulates the PATH environment variable to execute a malicious 'ps' script, which creates a root-owned SUID shell.

Description

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dr. Mudge · bashlocallinux

https://www.exploit-db.com/exploits/19146

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in DataLynx's suGuard program due to insecure /tmp usage and poor programming practices. It manipulates the PATH environment variable to execute a malicious 'ps' script, which creates a root-owned SUID shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: DataLynx suGuard (sgrun)

No auth needed

Prerequisites: Local access to the system · Presence of vulnerable sgrun binary

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/3186

Scores

EPSS 0.0066

EPSS Percentile 46.8%

Details

Status published

Products (1)

datalynx/suguard 1.0

Published Jan 01, 1999

Tracked Since Feb 18, 2026