CVE-1999-1399

SpaceWare 7.3 v1.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1399. PoCs published by J.A. Guitierrez.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the SpaceBall game on Irix 6.2 by manipulating the $HOSTNAME environment variable to execute arbitrary commands, leading to privilege escalation by creating a setuid root shell.

Description

spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by J.A. Guitierrez · bashdosirix

https://www.exploit-db.com/exploits/19357

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in the SpaceBall game on Irix 6.2 by manipulating the $HOSTNAME environment variable to execute arbitrary commands, leading to privilege escalation by creating a setuid root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: SpaceBall game on Irix 6.2

No auth needed

Prerequisites: Access to a system running Irix 6.2 with the SpaceBall game installed · Ability to set environment variables

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/471

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=87602746719552&w=2

Scores

EPSS 0.0089

EPSS Percentile 54.5%

Details

Status published

Products (1)

sgi/irix 6.2

Published Aug 20, 1997

Tracked Since Feb 18, 2026