CVE-1999-0674

BSD Profil - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0674. PoCs published by Ross Harvey.

AI-analyzed exploit summary This exploit tests for a vulnerability in *BSD systems where the profil(2) system call is not disabled during execve(2), allowing arbitrary memory increments. It checks if profiling persists across execve by monitoring a memory array.

Description

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ross Harvey · clocalmultiple

https://www.exploit-db.com/exploits/19447

View Code ZIP pw:eip

This exploit tests for a vulnerability in *BSD systems where the profil(2) system call is not disabled during execve(2), allowing arbitrary memory increments. It checks if profiling persists across execve by monitoring a memory array.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: *BSD systems (e.g., NetBSD)

No auth needed

Prerequisites: Local access to a vulnerable *BSD system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/570

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/j-067.shtml

Scores

EPSS 0.0080

EPSS Percentile 52.0%

Details

Status published

Products (27)

netbsd/netbsd 1.0

netbsd/netbsd 1.1

netbsd/netbsd 1.2

netbsd/netbsd 1.2.1

netbsd/netbsd 1.3

netbsd/netbsd 1.3.1

netbsd/netbsd 1.3.2

netbsd/netbsd 1.3.3

netbsd/netbsd 1.4

openbsd/openbsd 2.0

... and 17 more

Published Aug 09, 1999

Tracked Since Feb 18, 2026