CVE-1999-0720

Linux Kernel - Unauthenticated TTY Terminal Device Modification via pt_chown

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0720. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit targets a vulnerability in pt_chown (glibc 2.1.x) to write arbitrary data to tty streams by leveraging a lack of security checks. It forks a process to execute pt_chown and uses ioctl to inject commands into the terminal.

Description

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · clocallinux

https://www.exploit-db.com/exploits/19467

View Code ZIP pw:eip

This exploit targets a vulnerability in pt_chown (glibc 2.1.x) to write arbitrary data to tty streams by leveraging a lack of security checks. It forks a process to execute pt_chown and uses ioctl to inject commands into the terminal.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: pt_chown (glibc 2.1.x, RedHat Linux 6.0)

No auth needed

Prerequisites: Writable /dev/ttyXX allocated by software like screen

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/597

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000%40nimue.ids.pl

Scores

EPSS 0.0072

EPSS Percentile 49.1%

Details

Status published

Products (1)

linux/linux_kernel 2.6.20.1

Published Aug 23, 1999

Tracked Since Feb 18, 2026