CVE-1999-0735

KDE K-Mail < 1.1 - Privilege Escalation via Symlink Attack in Temporary Directories

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0735. PoCs published by Brian Mitchell.

AI-analyzed exploit summary: This exploit targets a symlink vulnerability in KMail (CVE-1999-0735) by sending a malicious email with an attachment that overwrites /etc/shadow via a predictable /tmp directory. It races to create a symlink before KMail processes the attachment, potentially allowing root access.

Description

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

Exploits (1)

exploitdb · Working PoC · Verified
by Brian Mitchell · c · local · linux
https://www.exploit-db.com/exploits/19240


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: KMail (KDE kdenetwork package)
No auth needed
Prerequisites: Local access to the target system · KMail running on the target · Ability to send emails to the target user
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA1999015_01.html
Exploit, Patch (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/300

Scores

EPSS 0.0072
EPSS Percentile 49.0%

Details

Status: published
Products (1): kde/k-mail < 1.1
Published: Jan 04, 2000
Tracked Since: Feb 18, 2026