CVE-1999-1491

Red Hat Linux 2.1 - Local Command Execution via Trojan Horse Program in Relative Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1491. PoCs published by David J Meltzer.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in the suid-root game 'abuse.console' on Red Hat Linux 2.1 to execute arbitrary code as root. It creates a malicious 'sndrv' script in /tmp that copies /bin/sh to /tmp/abuser and sets the suid bit.

Description

abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David J Meltzer · bashlocallinux

https://www.exploit-db.com/exploits/19279

View Code ZIP pw:eip

This exploit leverages a path traversal vulnerability in the suid-root game 'abuse.console' on Red Hat Linux 2.1 to execute arbitrary code as root. It creates a malicious 'sndrv' script in /tmp that copies /bin/sh to /tmp/abuser and sets the suid bit.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Red Hat Linux 2.1 (abuse.console in games package)

No auth needed

Prerequisites: Red Hat Linux 2.1 with the games package installed · abuse.console must be suid-root

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/354

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=87602167418994&w=2

Scores

EPSS 0.0192

EPSS Percentile 77.3%

Details

Status published

Products (1)

redhat/linux 2.1

Published Feb 02, 1996

Tracked Since Feb 18, 2026