CVE-1999-1409

IRIX 6.2 & NetBSD 1.3.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1409. PoCs published by Gutierrez.

AI-analyzed exploit summary The exploit describes a vulnerability in NetBSD and IRIX where the `at` command incorrectly sets UID to 0 before opening files, allowing unauthorized file reads. The provided command demonstrates reading `/etc/shadow` via email.

Description

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Gutierrez · textlocalnetbsd_x86
https://www.exploit-db.com/exploits/19261

The exploit describes a vulnerability in NetBSD and IRIX where the `at` command incorrectly sets UID to 0 before opening files, allowing unauthorized file reads. The provided command demonstrates reading `/etc/shadow` via email.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: NetBSD <= 1.3.2, IRIX 6.2-6.5.1
No auth needed
Prerequisites: Access to a vulnerable system with the `at` command
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/331
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7577.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90233906612929&w=2

Scores

EPSS 0.0095
EPSS Percentile 57.0%

Details

Status published
Products (11)
netbsd/netbsd 1.0
netbsd/netbsd 1.1
netbsd/netbsd 1.2
netbsd/netbsd 1.2.1
netbsd/netbsd 1.3
netbsd/netbsd 1.3.1
netbsd/netbsd < 1.3.2
sgi/irix 6.2
sgi/irix 6.4
sgi/irix 6.5
... and 1 more
Published Jul 03, 1998
Tracked Since Feb 18, 2026