CVE-1999-1303

HIGH 7.2 / 10.0
Published: November 30, 1994 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.

CVSS Metrics

Base Score: 7.2
Severity: HIGH
Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

SCO UNIX 4.2 and earlier are vulnerable to local privilege escalation via the prwarn utility. Successful exploitation gives a local user root access and therefore complete control over the system, which can lead to data breaches and full system compromise. This is a legacy issue, but it could still be present in legacy systems and emulators.

02 // Vulnerability Mechanism

Step 1: Input Preparation: The attacker crafts a malicious input string designed to exploit the vulnerability in prwarn. This input is likely to contain shellcode and padding to overwrite memory locations.

03 // Deep Technical Analysis

The vulnerability lies within the prwarn utility in SCO UNIX 4.2 and earlier. The root cause is likely a buffer overflow or a similar memory corruption vulnerability. In that case, prwarn would fail to validate the size of user-supplied input before writing it to a fixed-size buffer, allowing an attacker to overwrite adjacent memory, including critical data structures or the function's return address. By carefully crafting the input, an attacker could then overwrite the return address with the address of malicious code (e.g., shellcode) that grants root privileges. The exact mechanism would depend on the specific implementation of prwarn and the system's memory layout, but the core issue would be a lack of bounds checking and improper input validation.
