VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 18, 1999· Updated Apr 16, 2026

CVE-1999-0745

CVE-1999-0745

Description

A buffer overflow in IBM AIX's pdnsd component allows local or remote attackers to gain root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in IBM AIX's pdnsd component allows local or remote attackers to gain root privileges.

Vulnerability

A buffer overflow vulnerability exists in the Source Code Browser's Program Database Name Server Daemon (pdnsd) component, which is part of the C Set ++ compiler for IBM AIX. This issue affects systems running vulnerable versions of AIX and the C Set ++ compiler.

Exploitation

An attacker can exploit this vulnerability by sending specially crafted data to the pdnsd service. Successful exploitation allows an attacker to execute arbitrary code with root privileges on the vulnerable system. The exploit requires network access to the target system and does not appear to require authentication [1].

Impact

Successful exploitation of this buffer overflow allows an attacker to gain complete control over the affected system, including the ability to execute arbitrary commands and compromise all data. The attacker effectively obtains root privileges on the compromised machine [1].

Mitigation

No specific patch or fixed version information is available in the provided references. Users are advised to consult IBM for potential updates or workarounds. It is unknown if this vulnerability is actively exploited or if it has been mitigated by other means [1].

References
  1. AIX 4.1/4.2 - 'pdnsd' Remote Buffer Overflow

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • IBM/Aix5 versions
    cpe:2.3:o:ibm:aix:2.2.1:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:ibm:aix:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:3.2.5:*:*:*:*:*:*:*
  • IBM/AIX C Set ++ compilerllm-create

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A buffer overflow vulnerability exists in the Source Code Browser's Program Database Name Server Daemon (pdnsd) component."

Attack vector

An attacker can exploit this vulnerability by sending a specially crafted network request to the pdnsd service. This request can cause a buffer overflow, allowing the attacker to potentially gain root privileges on the vulnerable system. The exploit targets AIX 4.1 and 4.2 systems running the C Set ++ compiler [ref_id=1].

Affected code

The vulnerability lies within the Source Code Browser's Program Database Name Server Daemon (pdnsd) component, which is part of the C Set ++ compiler for IBM AIX. The exploit code targets specific memory addresses and shellcode for AIX 4.1 and 4.2, indicating the overflow occurs during the handling of network requests by pdnsd [ref_id=1].

What the fix does

The provided bundle does not contain information about a patch or specific remediation steps. The advisory indicates that the vulnerability is in the pdnsd component of the C Set ++ compiler for AIX. Users are advised to consult vendor advisories for appropriate mitigation strategies.

Preconditions

  • networkThe vulnerable pdnsd service must be accessible over the network.
  • configThe system must be running IBM AIX 4.1 or 4.2 with the C Set ++ compiler.

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.