CVE-1999-0696

HP-UX and Solaris - Buffer Overflow in CDE Calendar Manager Service Daemon

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0696. PoCs published by jGgM, Last Stage of Delirium.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in rpc.cmsd on Solaris and HP-UX systems, allowing remote root compromise. It constructs a malicious RPC payload with shellcode to execute arbitrary commands.

Description

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

Exploits (2)

exploitdb WORKING POC VERIFIED
by jGgM · cremotemultiple
https://www.exploit-db.com/exploits/19421

This exploit targets a buffer overflow vulnerability in rpc.cmsd on Solaris and HP-UX systems, allowing remote root compromise. It constructs a malicious RPC payload with shellcode to execute arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: rpc.cmsd (Solaris, HP-UX 10.20, 10.30, 11.0)
No auth needed
Prerequisites: Network access to vulnerable rpc.cmsd service · Target system running vulnerable Solaris/HP-UX version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · cremotemultiple
https://www.exploit-db.com/exploits/19420

This exploit targets a buffer overflow vulnerability in rpc.cmsd on Solaris and HP-UX systems, allowing remote root compromise. It includes shellcode for SPARC architecture to spawn a root shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: rpc.cmsd (Solaris 2.5, 2.5.1, 2.6, 2.7, HP-UX 10.20, 10.30, 11.0)
No auth needed
Prerequisites: Network access to vulnerable rpc.cmsd service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_sun
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/j-051.shtml
Various Sources vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102

Scores

EPSS 0.1216
EPSS Percentile 95.6%

Details

Status published
Products (9)
hp/hp-ux 10.24
hp/hp-ux 11.00
sun/solaris 2.5
sun/solaris 2.6
sun/sunos 4.1.3
sun/sunos 5.3
sun/sunos 5.4
sun/sunos 5.5
sun/sunos 5.5.1
Published Jul 01, 1999
Tracked Since Feb 18, 2026