CVE Catalog

CVE-1999-1214

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile — higher than 21% of all known CVEs

Summary

The asynchronous I/O facility in the 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, allowing local users to cause a denial of service.

Risk Assessment

Local users can exploit this vulnerability to send signals to arbitrary process IDs, leading to system instability.

Recommendation

It is recommended to update the kernel to the latest version that includes security patches and to implement additional user credential checks.

Original NVD description (English source)

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS