CVE-1999-0405

Debian Linux - Buffer Overflow in lsof

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0405. PoCs published by Zhodiac, c0nd0r.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in lsof 4.04 when run setuid root or setgid kmem. It uses a classic stack-based overflow with NOP sleds and shellcode to spawn a root shell.

Description

A buffer overflow in lsof allows local users to obtain root privilege.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Zhodiac · c · local · linux
https://www.exploit-db.com/exploits/19374

This exploit targets a buffer overflow vulnerability in lsof 4.04 when run setuid root or setgid kmem. It uses a classic stack-based overflow with NOP sleds and shellcode to spawn a root shell.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: lsof 4.04
No auth needed
Prerequisites: lsof 4.04 installed with setuid root or setgid kmem · ability to execute the exploit binary on the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by c0nd0r · c · local · linux
https://www.exploit-db.com/exploits/19373

This exploit targets a buffer overflow vulnerability in lsof (CVE-1999-0405) to achieve local privilege escalation. It overflows a buffer with a crafted payload containing NOPs and shellcode to spawn a root shell at /tmp/sh.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: lsof (versions prior to fix for CVE-1999-0405)
No auth needed
Prerequisites: lsof installed with setuid root or setgid kmem · ability to execute the exploit binary on the target system
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/3163

Scores

EPSS 0.0076
EPSS Percentile 50.4%

Details

Status published
Products (28)
debian/debian_linux 2.0
debian/debian_linux 2.0.5
freebsd/freebsd 2.0
freebsd/freebsd 2.0.5
freebsd/freebsd 2.1.0
freebsd/freebsd 2.1.5
freebsd/freebsd 2.1.6
freebsd/freebsd 2.1.7.1
freebsd/freebsd 2.2.2
freebsd/freebsd 2.2.3
... and 18 more
Published Feb 18, 1999
Tracked Since Feb 18, 2026