Vulnerabilities > CVE-1999-1214 - Credentials Management vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Vulnerable Configurations

Part Description Count
OS
Sgi
1
OS
Bsd
2
OS
Freebsd
1
OS
Netbsd
1
OS
Openbsd
1

Common Weakness Enumeration (CWE)