CVE-1999-1399
Description
Local users can gain root privileges on IRIX 6.2 by setting the HOSTNAME environment variable when running the spaceball program from SpaceWare 7.3 v1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can gain root privileges on IRIX 6.2 by setting the HOSTNAME environment variable when running the spaceball program from SpaceWare 7.3 v1.0.
Vulnerability
The spaceball program in SpaceWare 7.3 v1.0 on IRIX 6.2 unsafely uses the HOSTNAME environment variable, allowing command injection. The program likely passes the variable's value to a shell or system call without sanitization, enabling arbitrary command execution as root. [1]
Exploitation
An attacker with local access sets the HOSTNAME environment variable to a command string (e.g., /bin/chmod 4755 /tmp/sh) and then runs spaceball with input 6. This makes /tmp/sh setuid root. Subsequently, executing /tmp/sh provides a root shell. The exploit can also be used to run any command as root, such as launching an xterm. [1]
Impact
Successful exploitation grants the attacker full root privileges on the system, allowing complete control over the affected IRIX 6.2 host. [1]
Mitigation
The reference suggests two workarounds: (a) remove the spaceball program entirely, as it runs demos with root privileges, or (b) set HOSTNAME=/usr/bsd/hostname in the "Utilities" section of $SWDIR/spaceball.sh. No official patch is mentioned in the available reference. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/471nvdExploitPatchVendor Advisory
- marc.infonvd
News mentions
0No linked articles in our index yet.