CVE-1999-0906

SUSE Linux - Buffer Overflow via HOME Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0906. PoCs published by Brock Tellier.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the HOME environment variable handling of sccw on SuSE 6.2 to achieve local privilege escalation. It crafts a malicious buffer with NOP sleds and shellcode to execute /tmp/sc, which spawns a root shell.

Description

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brock Tellier · bashlocallinux

https://www.exploit-db.com/exploits/19508

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the HOME environment variable handling of sccw on SuSE 6.2 to achieve local privilege escalation. It crafts a malicious buffer with NOP sleds and shellcode to execute /tmp/sc, which spawns a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: sccw on SuSE 6.2

No auth needed

Prerequisites: Local access to the target system · sccw installed on SuSE 6.2

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/656

Scores

EPSS 0.0080

EPSS Percentile 51.6%

Details

Status published

Products (1)

suse/suse_linux 6.2

Published Sep 23, 1999

Tracked Since Feb 18, 2026