CVE-1999-1434

Slackware Linux <3.6 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1434. PoCs published by Richard Thomas.

AI-analyzed exploit summary This exploit describes a vulnerability in Slackware's /bin/login where the absence of /etc/group causes initgroups() to fail, resulting in uid/gid 0 assignment. The writeup explains the root cause and steps to reproduce but does not include executable code.

Description

login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Richard Thomas · textlocallinux
https://www.exploit-db.com/exploits/19122

This exploit describes a vulnerability in Slackware's /bin/login where the absence of /etc/group causes initgroups() to fail, resulting in uid/gid 0 assignment. The writeup explains the root cause and steps to reproduce but does not include executable code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Slackware Linux (shadow password suite) up to version 3.5
Auth required
Prerequisites: Access to a Slackware system with shadow passwords · Ability to remove /etc/group
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/155
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90221104525951&w=2

Scores

EPSS 0.0079
EPSS Percentile 51.9%

Details

Status published
Products (5)
slackware/slackware_linux 3.1
slackware/slackware_linux 3.2
slackware/slackware_linux 3.3
slackware/slackware_linux 3.4
slackware/slackware_linux 3.5
Published Jul 13, 1998
Tracked Since Feb 18, 2026