CVE-1999-0825

UnixWare - Unprotected Mail Spoofing via Default /var/mail Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0825. PoCs published by Brock Tellier.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in SCO UnixWare 7.1 where the /var/mail directory has world-writable permissions (777), allowing an attacker to create mail files for other users and read their incoming mail.

Description

The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brock Tellier · textlocalsco

https://www.exploit-db.com/exploits/19657

View Code ZIP pw:eip

This exploit demonstrates an information leakage vulnerability in SCO UnixWare 7.1 where the /var/mail directory has world-writable permissions (777), allowing an attacker to create mail files for other users and read their incoming mail.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SCO UnixWare 7.1

No auth needed

Prerequisites: Access to a system running SCO UnixWare 7.1 · Knowledge of target usernames

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/849

Scores

EPSS 0.0058

EPSS Percentile 43.2%

Details

Status published

Products (3)

sco/unixware 7.0

sco/unixware 7.0.1

sco/unixware 7.1

Published Dec 03, 1999

Tracked Since Feb 18, 2026