CVE-1999-0787

SSH Agent - Symlink Following via UNIX Domain Socket

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0787. PoCs published by Tymm Twillman.

AI-analyzed exploit summary This exploit leverages a vulnerability in SSH's handling of UNIX domain sockets, where symbolic links are followed during bind(2), allowing local users to create arbitrary socket files. The provided Perl script creates symbolic links in the /tmp/ssh-<username> directory to exploit this behavior.

Description

The SSH authentication agent follows symlinks via a UNIX domain socket.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tymm Twillman · perllocallinux
https://www.exploit-db.com/exploits/19510

This exploit leverages a vulnerability in SSH's handling of UNIX domain sockets, where symbolic links are followed during bind(2), allowing local users to create arbitrary socket files. The provided Perl script creates symbolic links in the /tmp/ssh-<username> directory to exploit this behavior.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: SSH (versions affected by CVE-1999-0787)
Auth required
Prerequisites: Local access to the system · SSH access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=93760201002154&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/660
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=93832856804415&w=2

Scores

EPSS 0.0101
EPSS Percentile 58.9%

Details

Status published
Products (1)
ssh/ssh 1.2.27
Published Sep 17, 1999
Tracked Since Feb 18, 2026