CVE-1999-0845
Description
A buffer overflow in SCO's su program allows local users to gain root privileges by providing a long username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in SCO's su program allows local users to gain root privileges by providing a long username.
Vulnerability
Certain versions of SCO Unixware, specifically Unixware 2.1, 7.0, 7.0.1, 7.1, and 7.1.1, contain a buffer overflow vulnerability in the su(1) program. This vulnerability exists because su(1) does not properly validate user-supplied data, such as a username provided on the command line [1].
Exploitation
An attacker with local access can exploit this vulnerability by executing the su command with an overly long username. The su program, being SUID root, is susceptible to this overflow when processing the username argument [1].
Impact
Successful exploitation of this buffer overflow allows a local user to gain root privileges on the affected system. This means an attacker can execute arbitrary commands with the highest level of system authority [1].
Mitigation
No specific patched version or release date is disclosed in the available references. As of the publication of this CVE, there is no information on workarounds or if the vulnerability has been fixed. The affected software is SCO Unixware [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.