CVE-1999-1394

BSD 4.4 - Authenticated Immutable Flag Bypass via Filesystem Editor

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1394. PoCs published by Stealth.

AI-analyzed exploit summary This is a writeup describing a vulnerability in 4.4BSD derivatives where secure level 1 can be bypassed by writing directly to unmounted devices to clear file flags, allowing modification of immutable files. It outlines a hypothetical exploit scenario but does not include actual exploit code.

Description

BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stealth · textlocalbsd

https://www.exploit-db.com/exploits/19411

View Code ZIP pw:eip

This is a writeup describing a vulnerability in 4.4BSD derivatives where secure level 1 can be bypassed by writing directly to unmounted devices to clear file flags, allowing modification of immutable files. It outlines a hypothetical exploit scenario but does not include actual exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: 4.4BSD derivatives

Auth required

Prerequisites: root access · secure level set to 1 · ability to unmount partitions

MITRE ATT&CK

T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/510

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=93094058620450&w=2

Scores

EPSS 0.0061

EPSS Percentile 44.4%

Details

Status published

Products (1)

bsd/bsd 4.4

Published Jul 02, 1999

Tracked Since Feb 18, 2026