Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0836. PoCs published by Brock Tellier.
AI-analyzed exploit summary This exploit leverages a symlink attack in SCO UnixWare's /usr/bin/uidadmin to overwrite /etc/security/tcb/privs, adding a malicious binary to the privileged programs list. After reboot, the binary grants a root shell by exploiting the dacwrite privilege.
Description
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Brock Tellier · perllocalsco
https://www.exploit-db.com/exploits/19654
This exploit leverages a symlink attack in SCO UnixWare's /usr/bin/uidadmin to overwrite /etc/security/tcb/privs, adding a malicious binary to the privileged programs list. After reboot, the binary grants a root shell by exploiting the dacwrite privilege.
Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target:
SCO UnixWare 7.1
No auth needed
Prerequisites:
Access to a UnixWare 7.1 system · Ability to execute /usr/bin/uidadmin · Write access to /tmp
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Various Sources vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail%40nwcst282.netaddress.usa.net
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/842
Scores
EPSS
0.0313
EPSS Percentile
86.2%
Details
Status
published
Products (4)
sco/unixware
7.0
sco/unixware
7.0.1
sco/unixware
7.1
sco/unixware
7.1.1
Published
Dec 02, 1998
Tracked Since
Feb 18, 2026