CVE-1999-0405
Description
A buffer overflow in the lsof utility allows local users to gain root privileges by exploiting a vulnerability in its handling of command-line arguments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in the lsof utility, a file management tool commonly included in Linux distributions. When lsof is executed with setuid root or setgid kmem privileges, it is susceptible to this overflow, which can be triggered by local users. The exact affected versions are not specified in the available references, but the vulnerability is present in versions that run with elevated privileges [1].
Exploitation
An attacker with local access to the affected system can exploit this vulnerability. The exploit involves providing a specially crafted, overly long argument to the lsof command. This input overflows a buffer, overwriting the return address on the stack. The exploit code then redirects execution to shellcode, which is designed to spawn a shell with the privileges of the lsof process, typically root [1].
Impact
Successful exploitation of this buffer overflow allows a local user to gain root privileges on the affected system. This means an attacker can execute arbitrary commands with the highest level of system access, potentially compromising the entire system, stealing sensitive data, or installing malware.
Mitigation
No specific patched version or release date is mentioned in the provided references. Users are advised to restrict execution of lsof with setuid root or setgid kmem privileges if possible. Further information on mitigation or patched versions may be available from the lsof developers or distribution maintainers [1].
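One way to check for the condition the Mitigation paragraph names, as an added example that is not part of the original entry: a POSIX shell audit that reports whether a given lsof binary carries the setuid or setgid bit and which owner and group it has. The function names are hypothetical, and the path to audit is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the CVE entry): audit a binary for the
# privilege bits named in the mitigation (setuid root / setgid kmem).

# classify_priv_bits PATH
# Prints: none | setuid | setgid | setuid+setgid | missing
# Returns 0 only when the file exists and carries neither bit.
classify_priv_bits() {
    f=$1
    [ -e "$f" ] || { echo missing; return 2; }
    verdict=none
    [ -u "$f" ] && verdict=setuid
    if [ -g "$f" ]; then
        if [ "$verdict" = setuid ]; then
            verdict="setuid+setgid"
        else
            verdict=setgid
        fi
    fi
    echo "$verdict"
    [ "$verdict" = none ]
}

# report_binary PATH
# Prints "<verdict> <owner>:<group> <path>" and, when a privilege bit
# is set, the chmod command that removes it. Returns the audit status.
report_binary() {
    f=$1
    rc=0
    verdict=$(classify_priv_bits "$f") || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "missing - $f"
        return 2
    fi
    # ls -ld is the portable way to read owner and group names;
    # the bits matter most when these are root or kmem.
    owner_group=$(ls -ld "$f" | awk '{print $3 ":" $4}')
    echo "$verdict $owner_group $f"
    if [ "$rc" -ne 0 ]; then
        echo "  remediation: chmod u-s,g-s $f"
    fi
    return "$rc"
}

# Audit every path given on the command line, for example:
#   sh audit.sh "$(command -v lsof)"
for f in "$@"; do report_binary "$f" || true; done
```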
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (28)
- cpe:2.3:o:debian:debian_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.