CVE-1999-0864

UnixWare - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0864. PoCs published by Brock Tellier.

AI-analyzed exploit summary This exploit leverages a symlink attack on UnixWare 7.1 by forcing an SGID program to dump core and overwrite a system-critical file via a guessed PID. The script creates a symlink to a writable system file and triggers a core dump in 'arp' by overflowing its input.

Description

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Brock Tellier · bashlocalsco
https://www.exploit-db.com/exploits/19659

This exploit leverages a symlink attack on UnixWare 7.1 by forcing an SGID program to dump core and overwrite a system-critical file via a guessed PID. The script creates a symlink to a writable system file and triggers a core dump in 'arp' by overflowing its input.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Racy
Target: SCO UnixWare 7.1
No auth needed
Prerequisites: SGID binary that can be forced to core dump · write access to a directory where the core dump will be created · ability to guess or predict the PID of the target process
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94581379905584&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94530783815434&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/851
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94606167110764&w=2

Scores

EPSS 0.0071
EPSS Percentile 48.5%

Details

Status published
Products (4)
sco/unixware 7.0
sco/unixware 7.0.1
sco/unixware 7.1
sco/unixware 7.1.1
Published Dec 03, 1999
Tracked Since Feb 18, 2026