Security readout for executives and security teams
Plain-English summary
This entry flags that the systat service is running on a host. Systat is a legacy Unix information service that, when enabled, allows anyone who can reach it over the network to view details about system users, processes, and status. It is an information-disclosure exposure rather than a direct compromise, but the leaked details can help an attacker plan a follow-on attack.
Executive priority
Low priority. Treat as legacy hygiene: sweep for the service during routine port audits and disable where found. No emergency change is warranted unless a legacy Unix or appliance fleet is known to still run inetd services.
Technical view
CVE-1999-0637 describes the systat service being enabled and reachable. Systat historically listens on TCP port 11 and returns output from commands like who or ps to any requester without authentication. The CVE record contains no vendor, product, CVSS, CWE, or KEV data. Exposure depends on whether inetd or an equivalent super-server is still publishing the service on a reachable interface.
Likely exposure
Very limited in modern environments. Systat is disabled by default on contemporary Linux and BSD distributions and is rarely enabled intentionally. Residual exposure is most likely on legacy Unix hosts, embedded appliances, or lab systems where inetd-style services were never audited.
Exploitation context
Not listed in CISA KEV and no active exploitation is cited in the provided sources. The issue is characterized as information disclosure that supports reconnaissance rather than a directly exploitable vulnerability. Any exposure would be trivially discoverable through a network port scan of TCP/11.
Researcher notes
The CVE record is a minimal 1999-era "service is running" entry with no CVSS, CWE, affected product, or reference beyond the CVE.org record itself. Treat it as a configuration finding rather than a software flaw. Confirm scope by fingerprinting TCP/11 responses and correlating with inetd-style service inventories. No vendor advisories are cited in the bundle.
Mitigation direction
- Disable the systat entry in inetd.conf or xinetd configuration and reload the super-server.
- Block inbound TCP port 11 at host and perimeter firewalls.
- Uninstall legacy netkit or bsd-services packages that provide systat if unused.
- Restrict management interfaces to trusted administrative networks only.
- Consult vendor guidance for any appliance that ships systat enabled.
Validation and detection
- Scan target hosts for an open TCP port 11 and confirm no banner or process listing is returned.
- Inspect inetd.conf, xinetd.d, or systemd socket units for a systat entry and confirm it is disabled.
- Review firewall rules to verify TCP/11 is denied at ingress.
- Check asset inventory for legacy Unix hosts that may still expose finger-family services.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-1999-0637 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://www.cve.org/CVERecord?id=CVE-1999-0637CVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
