Vulnerability Details : CVE-1999-1214
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-1999-1214
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-1999-1214
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-1999-1214
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-1999-1214
Products affected by CVE-1999-1214
- cpe:2.3:o:bsd:bsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:bsd:bsd:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*