Vulnerabilities > CVE-1999-0040

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

exploit available

NVD

Published: 1997-05-01

Updated: 2022-08-17

Summary

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Vulnerable Configurations

Part	Description	Count
OS	Sgi SGI Irix 5.3 SGI Irix 4.0 SGI Irix 6.1 SGI Irix 6.4 SGI Irix 5.0 SGI Irix 6.0 SGI Irix 6.3 SGI Irix 6.2	8
OS	Sun SUN Sunos 5.3 SUN Sunos 4.1.4 SUN Sunos 5.4 SUN Sunos 5.5 SUN Sunos 5.5.1 SUN Sunos 4.1.3U1 SUN Sunos 4.1.3 SUN Solaris 2.4 SUN Solaris 2.5.1 SUN Solaris 2.5	10
OS	Hp HP HP UX 10.30 HP HP UX 9.10 HP HP UX 10.01 HP HP UX 10.00 HP HP UX 9.00 HP HP UX 10.20 HP HP UX 10.24 HP HP UX 10.08 HP HP UX 10.34 HP HP UX 10.09 HP HP UX 10.16 HP HP UX 10.10 HP HP UX 9.01	13
OS	Nec NEC EWS UX V 4.2Mp NEC EWS UX V 4.2 NEC ASL UX 4800 64 NEC UP UX V 4.2Mp	4
OS	Bsdi Bsdi BSD OS 2.0.1 Bsdi BSD OS 2.1 Bsdi BSD OS 2.0	3
OS	Freebsd Freebsd Freebsd 1.1.5.1 Freebsd Freebsd 2.0	2
OS	Ibm IBM AIX 4.2 IBM AIX 3.2 IBM AIX 4.1	3

Exploit-Db

description	Xt Library Local Root Command Execution Exploit. CVE-1999-0040. Local exploit for linux platform
id	EDB-ID:322
last seen	2016-01-31
modified	1996-08-24
published	1996-08-24
reporter	b0z0 bra1n
source	https://www.exploit-db.com/download/322/
title	Xt Library Local Root Command Execution Exploit

description	BSD/OS 2.1,Caldera UnixWare 7/7.1 .0,FreeBSD FreeBSD 1.1.5 .1/2.0 ,HP HP-UX 10.34,IBM AIX 4.2,SGI IRIX 6.3,SunOS 4.1.4 libXt library Vulnerability (1). CVE-...
id	EDB-ID:19200
last seen	2016-02-02
modified	1997-08-25
published	1997-08-25
reporter	bloodmask
source	https://www.exploit-db.com/download/19200/
title	BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability 1

description	BSD/OS 2.1,Caldera UnixWare 7/7.1 .0,FreeBSD FreeBSD 1.1.5 .1/2.0 ,HP HP-UX 10.34,IBM AIX 4.2,SGI IRIX 6.3,SunOS 4.1.4 libXt library Vulnerability (3). CVE-1...
id	EDB-ID:19202
last seen	2016-02-02
modified	1997-08-25
published	1997-08-25
reporter	jGgM
source	https://www.exploit-db.com/download/19202/
title	BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability 3

description	BSD/OS 2.1,Caldera UnixWare 7/7.1 .0,FreeBSD FreeBSD 1.1.5 .1/2.0 ,HP HP-UX 10.34,IBM AIX 4.2,SGI IRIX 6.3,SunOS 4.1.4 libXt library Vulnerability (2). CVE-1...
id	EDB-ID:19201
last seen	2016-02-02
modified	1997-08-25
published	1997-08-25
reporter	jGgM
source	https://www.exploit-db.com/download/19201/
title	BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability 2

description	LibXt XtAppInitialize() overflow *xterm exploit. CVE-1999-0040. Local exploit for linux platform
id	EDB-ID:331
last seen	2016-01-31
modified	1997-05-14
published	1997-05-14
reporter	Ming Zhang
source	https://www.exploit-db.com/download/331/
title	LibXt XtAppInitialize Overflow *xterm Exploit

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.