Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1214

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-1999-1214
Last Modified 10 Mar 2011 12:00:00
Published 15 Sep 1997 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1214

Summary

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Vulnerable Systems

Operating System

  • Bsd

  • Bsd 4.4

  • Freebsd 6.2

  • Netbsd 2.0.4

  • Openbsd 2.1

  • Sgi Irix


References

XF - openbsd-iosig(556)

MISC - http://www.openbsd.com/advisories/signals.txt

OSVDB - 11062

OPENBSD - 19970915 Vulnerability in I/O Signal Handling


Last Updated: 27 May 2016 10:35:20