Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-1499. PoCs published by Joe H.
AI-analyzed exploit summary This exploit leverages a symbolic link vulnerability in BIND (named daemon) to overwrite or append to arbitrary files when SIGINT or SIGIOT signals are sent. The PoC demonstrates creating symbolic links to /etc/passwd to achieve privilege escalation or file corruption.
Description
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
Exploits (1)
This exploit leverages a symbolic link vulnerability in BIND (named daemon) to overwrite or append to arbitrary files when SIGINT or SIGIOT signals are sent. The PoC demonstrates creating symbolic links to /etc/passwd to achieve privilege escalation or file corruption.