CVE-1999-1490

xosview 1.5.1 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1490. PoCs published by Chris Evans.

AI-analyzed exploit summary: This exploit targets a buffer overflow in xosview 1.5.1 that is triggered by an overly long HOME environment variable. It uses a standard stack-based overflow technique with a NOP sled and shellcode to execute arbitrary code, gaining root access locally.

Description

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environment variable.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Chris Evans · c · local · linux
https://www.exploit-db.com/exploits/19281


Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: xosview 1.5.1
No auth needed
Prerequisites: xosview installed setuid root · open X display · local access to the system
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90221101926034&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90221101926021&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/362
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8787.php

Scores

EPSS 0.0093
EPSS Percentile 55.8%

Details

Status published
Products (1)
redhat/linux 5.1
Published May 28, 1998
Tracked Since Feb 18, 2026