What is CVE-1999-0113?

CVE-1999-0113 is a publicly disclosed cybersecurity vulnerability with a HIGH severity rating and CVSS score of 10.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-1999-0113

HIGH10.0/ 10.0

Published: May 23, 1994 at 04:00 AM

Modified: April 3, 2025 at 01:03 AM

Source: cve@mitre.org

Vulnerability Description

Some implementations of rlogin allow root access if given a -froot parameter.

CVSS Metrics

Base Score

10.0

Severity

HIGH

Vector String

AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

CWE-88

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Critical vulnerability in legacy rlogin implementations allows for unauthorized root access. Exploiting this flaw grants attackers complete control over the system, potentially leading to data breaches and system compromise.

02 // Vulnerability Mechanism

Step 1: Establish Connection: The attacker initiates an rlogin connection to the vulnerable server.

Step 2: Parameter Injection: The attacker crafts an rlogin command that includes the -froot parameter. This parameter is designed to specify the initial login shell.

Step 3: Authentication Bypass: The vulnerable rlogin implementation, due to a lack of proper input validation, interprets the -froot parameter as a request to log in as the root user.

Step 4: Privilege Escalation: The system grants the attacker root privileges without proper authentication.

Step 5: Root Access Granted: The attacker now has full control over the system.

03 // Deep Technical Analysis

The vulnerability stems from insufficient input validation within the rlogin service. Specifically, the service fails to properly sanitize the -f parameter, which is intended to specify the user's initial login shell. By providing the -froot parameter, an attacker can bypass authentication and gain root privileges. The root cause is a lack of proper checks on the input provided to the rlogin service, allowing the attacker to manipulate the execution flow and elevate their privileges. This is a classic example of a privilege escalation vulnerability due to inadequate parameter handling.