CVE-1999-1214

CVSS 2.0 Score 2.1 of 10 (low)

Details

Published Sep 15, 1997
Updated: Oct 10, 2017
CWE ID 255

Summary

CVE-1999-1214 is a vulnerability affecting the asynchronous I/O facility in the 4.4 BSD kernel. This issue permits local users to cause a denial of service by manipulating certain ioctl and fcntl calls. The vulnerability arises due to the lack of user credential checks when setting the recipient of I/O notifications. As a result, an attacker can maliciously cause signals to be sent to arbitrary process IDs, leading to system instability and potential downtime. This vulnerability poses a significant risk, particularly in environments with multiple users or processes, and should be addressed through appropriate patching or configuration changes.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • SGI IRAX
  • BSD BSD
  • NetBSD
  • OpenBSD

Affected Vendors

  • OpenBSD Project
  • Netbsd
  • Blue State Digital
  • Saskatchewan Government Insurance