CVE-1999-1488

IBM System Data Repository - Unauthenticated Arbitrary File Read

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1488. PoCs published by Chuck Athey & Jim Garlick.

AI-analyzed exploit summary This exploit targets a vulnerability in the IBM SP2 System Data Repository (SDR) daemon 'sdrd' due to lack of authentication. It allows unauthenticated file retrieval (get) from any host and file upload/replacement (put/replace) from within SP2 nodes via directory traversal.

Description

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Chuck Athey & Jim Garlick · cremotelinux

https://www.exploit-db.com/exploits/19297

View Code ZIP pw:eip

This exploit targets a vulnerability in the IBM SP2 System Data Repository (SDR) daemon 'sdrd' due to lack of authentication. It allows unauthenticated file retrieval (get) from any host and file upload/replacement (put/replace) from within SP2 nodes via directory traversal.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: IBM SP2 SDR daemon (sdrd) on AIX 4.1/4.2

No auth needed

Prerequisites: Network access to TCP port 5712 on the target IBM SP2 system

MITRE ATT&CK

T1005 - Data from Local System T1040 - Network Sniffing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/371

Patch, Vendor Advisory third-party-advisory government-resource x_refsource_ciac

http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/7217.php

Scores

EPSS 0.0365

EPSS Percentile 88.1%

Details

Status published

Products (1)

ibm/system_data_repository sp_2.0

Published Dec 31, 1999

Tracked Since Feb 18, 2026