PT-1997-1207 · BSD · 4.4 BSD Kernel

Published: 1997-09-15 · Updated: 2017-10-10 · CVE-1999-1214

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: 4.4 BSD kernel

Description: The issue concerns the asynchronous I/O facility in the 4.4 BSD kernel, which fails to check user credentials when setting the recipient of I/O notification. This allows local users to cause a denial of service by using certain ioctl and fcntl calls to send the signal to an arbitrary process ID.

Recommendations: For 4.4 BSD kernel, consider restricting access to ioctl and fcntl calls to minimize the risk of exploitation. As a temporary workaround, limit the ability of local users to send signals to arbitrary process IDs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-1999-1214

Affected Products

4.4 BSD Kernel