CVE-1999-1477
Description
Buffer overflow in GNOME libraries 1.0.8 allows local users to gain root access via a crafted --espeaker argument.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in GNOME's shared libraries when handling the --espeaker command-line argument. This issue affects GNOME libraries version 1.0.8 and potentially the esound library version 0.2.8. Local users can trigger the overflow by calling a program linked against these libraries, for example a setuid root program such as /usr/games/nethack, with a long --espeaker argument [1].
Exploitation
An attacker needs local access to the system and must be able to execute a program linked against the vulnerable GNOME libraries. The attacker can exploit this by invoking a target program, such as /usr/games/nethack, with a specially crafted command-line argument that includes --espeaker= followed by an oversized buffer. This crafted argument will overwrite memory, potentially allowing the execution of arbitrary code [1].
Impact
Successful exploitation of this buffer overflow allows a local user to gain root privileges. This is achieved by attacking setuid binaries that are linked against the vulnerable GNOME libraries. The attacker can execute arbitrary code with the privileges of the setuid binary, which in this case is root [1].
Mitigation
This vulnerability was addressed in later versions of GNOME libraries. While a specific fixed version and release date are not provided in the available references, updating to a non-vulnerable version of the GNOME libraries or esound is the recommended mitigation. No workarounds are described in the provided references, and the vulnerability is not listed as actively exploited in the wild [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:gnome:gnome_libs:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
- Range: =1.0.8
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A buffer overflow vulnerability exists in GNOME's shared libraries when handling the '--espeaker' command line argument."
Attack vector
A local user can exploit this vulnerability by calling a program linked against GNOME libraries with a long '--espeaker' argument. For example, programs like nethack, which are setuid root, can be targeted. Providing a buffer exceeding 80 bytes to the '--espeaker' argument triggers the overflow, potentially allowing the user to gain root privileges [1].
Affected code
The vulnerability is located within GNOME's shared libraries, specifically in the handling of the '--espeaker' command line argument. It is suspected to be in the libesd shared library, potentially affecting esound version 0.2.8 [1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests updating GNOME libraries to a version that addresses this buffer overflow.
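As an added illustration of bounded handling for this class of bug (not code from gnome-libs, esound or the advisory, and not the actual fix), the following parses an --espeaker= value into a fixed buffer and rejects over-long input. The helper name parse_espeaker, the 80-byte ESPEAKER_MAX and the host[:port] character set are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ESPEAKER_MAX 80  /* assumed buffer size, from the 80-byte figure above */

/* Hypothetical helper (not gnome-libs or esound code).
 * Returns 1 if arg is "--espeaker=VALUE" and VALUE fit into out,
 *         0 if arg is some other option,
 *        -1 if VALUE is empty, too long for out, or has unexpected bytes.
 * The unsafe pattern this replaces is an unbounded strcpy(out, value). */
int parse_espeaker(const char *arg, char *out, size_t outlen)
{
    static const char prefix[] = "--espeaker=";
    const size_t plen = sizeof(prefix) - 1;
    const char *val;
    size_t vlen = 0, i;

    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    if (strncmp(arg, prefix, plen) != 0)
        return 0;
    val = arg + plen;

    /* Measure at most outlen bytes, so a huge argument is never fully scanned. */
    while (vlen < outlen && val[vlen] != '\0')
        vlen++;
    if (vlen == 0 || vlen >= outlen)
        return -1;              /* reject instead of silently truncating */

    /* Assumption: the value is host[:port], so allow only those characters. */
    for (i = 0; i < vlen; i++) {
        unsigned char c = (unsigned char)val[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return -1;
    }
    memcpy(out, val, vlen + 1); /* vlen + 1 <= outlen, includes the NUL */
    return 1;
}

int main(void)
{
    char host[ESPEAKER_MAX];
    char big[11 + 200 + 1] = "--espeaker=";   /* constructed over-long input */
    memset(big + 11, 'A', 200);
    printf("%d\n", parse_espeaker("--espeaker=localhost:16001", host, sizeof host));
    printf("%d\n", parse_espeaker(big, host, sizeof host));
    return 0;
}
```

Rejecting the argument outright, rather than truncating it, keeps a setuid program from continuing with a value the caller did not actually supply.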
Preconditions
- auth: The attacker must have local user access to the affected system.
- input: The attacker must be able to execute a program linked against vulnerable GNOME libraries, such as a setuid root binary like nethack.
Reproduction
The provided reference includes a bash script that demonstrates how to compile and run an exploit against programs like nethack. It involves creating C source files for a payload and an executor, compiling them, and then repeatedly calling the target program with the crafted argument to trigger the overflow [1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/archive/1/28717 (nvd; Exploit, Vendor Advisory)
- www.securityfocus.com/bid/663 (nvd; Exploit, Patch, Vendor Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/3349 (nvd)