Vulnerabilities > CVE-1999-1214 - Credentials Management vulnerability in multiple products

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Vulnerable Configurations

Part	Description	Count
OS	Sgi SGI Irix *	1
OS	Bsd BSD BSD * BSD BSD 4.4	2
OS	Freebsd Freebsd Freebsd 6.2	1
OS	Netbsd Netbsd Netbsd 2.0.4	1
OS	Openbsd Openbsd Openbsd 2.1	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.openbsd.com/advisories/signals.txt
http://www.osvdb.org/11062
https://exchange.xforce.ibmcloud.com/vulnerabilities/556