CVE-1999-1041

SCO OpenServer and UNIX - Buffer Overflow via Long TERM Environment Variable or .mscreenrc Entry

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1041.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in SCO OpenServer's mscreen utility. It constructs a malicious environment variable (TERM) with NOP sleds and shellcode to achieve remote code execution by overflowing the buffer and redirecting execution to the injected shellcode.

Description

Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.

Exploits (1)

exploitdb WORKING POC
clocalsco
https://www.exploit-db.com/exploits/261

This exploit targets a buffer overflow vulnerability in SCO OpenServer's mscreen utility. It constructs a malicious environment variable (TERM) with NOP sleds and shellcode to achieve remote code execution by overflowing the buffer and redirecting execution to the injected shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SCO OpenServer mscreen (tested on 5.0.5)
No auth needed
Prerequisites: Access to execute /usr/bin/mscreen on a vulnerable SCO OpenServer system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90686250717719&w=2
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/SSE/security_bulletins/SB-98.05a
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/vendor_bulletins/VB-98.10.sco.mscreen
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/10420

Scores

EPSS 0.0103
EPSS Percentile 77.8%

Details

Status published
Products (2)
sco/openserver 5.0
sco/unix 3.2v4
Published Aug 27, 1998
Tracked Since Feb 18, 2026