CVE-1999-0390: Buffer overflow in Dosemu Slang library in Linux.
Buffer overflow in Dosemu Slang library in Linux.
AI Analysis
Technical Summary
CVE-1999-0390 is a high-severity buffer overflow vulnerability found in the Dosemu Slang library on Linux systems. Dosemu is a Linux-based DOS emulator that allows running DOS applications within a Linux environment. The vulnerability arises from improper handling of input data within the Slang library, which is used by Dosemu for screen handling and other terminal-related functions. Specifically, the buffer overflow occurs when the library processes input that exceeds the allocated buffer size, leading to memory corruption. This can allow an attacker with local access to execute arbitrary code with the privileges of the Dosemu process. The CVSS score of 7.2 reflects a high impact on confidentiality, integrity, and availability, with low attack complexity and no authentication required. The attack vector is local (AV:L), meaning the attacker must have local access to the system to exploit this vulnerability. Although no known exploits are reported in the wild and no patches are currently available, the vulnerability remains a significant risk for affected Linux versions, particularly those running Dosemu versions 4.0 through 5.2. Exploitation could lead to denial of service or privilege escalation, compromising system security and stability.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the use of Dosemu within their Linux environments. Organizations relying on legacy systems or running DOS applications via Dosemu could face risks of local privilege escalation or denial of service attacks. This could lead to unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within internal networks. Given the vulnerability affects older Linux versions, organizations with outdated infrastructure or insufficient patch management policies are at higher risk. The confidentiality, integrity, and availability of systems could be compromised, potentially affecting business operations, regulatory compliance (such as GDPR), and trustworthiness of IT services. Although exploitation requires local access, insider threats or attackers who gain initial foothold through other means could leverage this vulnerability to escalate privileges and deepen their presence in the network.
Mitigation Recommendations
Since no official patches are available, European organizations should consider the following specific mitigation strategies:
1) Disable or uninstall Dosemu if it is not essential to business operations to eliminate the attack surface.
2) Restrict local access to systems running Dosemu by enforcing strict user access controls and monitoring for unauthorized local logins.
3) Employ application whitelisting and endpoint protection solutions to detect and prevent exploitation attempts targeting the Slang library.
4) Use containerization or sandboxing techniques to isolate Dosemu processes, limiting the impact of potential exploitation.
5) Regularly audit and update Linux systems to supported versions where this vulnerability is not present or has been mitigated.
6) Implement comprehensive logging and intrusion detection to identify suspicious activities related to Dosemu usage.
7) Educate system administrators about the risks associated with legacy software components and encourage migration to modern alternatives.
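A starting point for the inventory behind recommendations 1 and 2, added here as an example and not part of the original advisory: a POSIX shell audit that lists Dosemu binaries under given directories and flags any installed setuid or setgid. The binary names in `DOSEMU_NAMES` and the focus on setuid/setgid bits are assumptions, not values from the advisory; adjust them to your distribution's packaging.

```shell
#!/bin/sh
# Added example (not from the advisory): find Dosemu binaries and flag
# those that would run with elevated privileges.
# ASSUMPTION: the names below are common Dosemu launcher/binary names;
# the advisory itself does not list file names.
DOSEMU_NAMES="dos xdos dosemu xdosemu dosemu.bin"

# audit_dosemu DIR...
# Prints one line per match:
#   "SETID <path>"  regular file with the setuid or setgid bit set
#   "plain <path>"  regular file without either bit
audit_dosemu() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        for name in $DOSEMU_NAMES; do
            # -xdev keeps the walk on one filesystem; -type f skips symlinks.
            find "$root" -xdev -type f -name "$name" \
                \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
                sed 's/^/SETID /'
            find "$root" -xdev -type f -name "$name" \
                ! -perm -4000 ! -perm -2000 -print 2>/dev/null |
                sed 's/^/plain /'
        done
    done
}

# has_elevated_dosemu DIR...
# Exit status 0 if at least one setuid/setgid Dosemu binary was found,
# so the check can gate a compliance job or a config-management run.
has_elevated_dosemu() {
    audit_dosemu "$@" | grep -q '^SETID '
}

# When run with directory arguments, print the report, e.g.:
#   sh audit_dosemu.sh /usr /opt /usr/local
if [ "$#" -gt 0 ]; then
    audit_dosemu "$@"
fi
```

Any `SETID` line is the first candidate for removal or for dropping the bit (`chmod u-s,g-s <path>`); `plain` lines still need the access restrictions in recommendation 2.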
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Threat ID: 682ca32bb6fd31d6ed7ded6d
Added to database: 5/20/2025, 3:43:39 PM
Last enriched: 6/28/2025, 3:56:08 PM
Last updated: 2/7/2026, 9:32:52 AM