Description
The asynchronous I/O facility in the 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notifications, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to have the signal sent to an arbitrary process ID.
Product(s):
- bsd bsd *
- Bsd Bsd -
- Bsd Bsd 4.1
- Bsd Bsd 4.2
- Bsd Bsd 4.3
- Bsd Bsd 4.4
- FreeBSD 6.2
- NetBSD 2.0.4
- OpenBSD 2.1
- SGI IRAX
- SGI IRIX 4.0.1
- SGI IRIX 4.0.1T
- SGI IRIX 4.0.2
- SGI IRIX 4.0.3
- SGI IRIX 4.0.4
- SGI IRIX 4.0.4B
- SGI IRIX 4.0.4T
- SGI IRIX 4.0.5
- SGI IRIX 4.0.5 IOP
- SGI IRIX 4.0.5A
- SGI IRIX 4.0.5B
- SGI IRIX 4.0.5D
- SGI IRIX 4.0.5E
- SGI IRIX 4.0.5F
- SGI IRIX 4.0.5G
- SGI IRIX 4.0.5H
- SGI IRIX 5.0.1
- SGI IRIX 5.1.1
- SGI IRIX 5.1
- SGI IRIX 5.2
- SGI IRIX 5.3
- SGI IRIX 5.3 XFS
- SGI IRIX 6.0.1
- SGI IRIX 6.0.1 XFS
- SGI IRIX 6.0
- SGI IRIX 6.1
- SGI IRIX 6.2
- SGI IRIX 6.3
- SGI IRIX 6.4
- SGI IRIX 6.5.10
- SGI IRIX 6.5.10f
- SGI IRIX 6.5.10m
- SGI IRIX 6.5.11
- SGI IRIX 6.5.11f
- SGI IRIX 6.5.11m
- SGI IRIX 6.5.12
- SGI IRIX 6.5.12f
- SGI IRIX 6.5.12m
- SGI IRIX 6.5.13
- SGI IRIX 6.5.13f
- SGI IRIX 6.5.13m
- SGI IRIX 6.5.14
- SGI IRIX 6.5.14f
- SGI IRIX 6.5.14m
- SGI IRIX 6.5.15
- SGI IRIX 6.5.15f
- SGI IRIX 6.5.15m
- SGI IRIX 6.5.16
- SGI IRIX 6.5.16f
- SGI IRIX 6.5.16m
- SGI IRIX 6.5.17
- SGI IRIX 6.5.17f
- SGI IRIX 6.5.17m
- SGI IRIX 6.5.18
- SGI IRIX 6.5.18f
- SGI IRIX 6.5.18m
- SGI IRIX 6.5.19
- SGI IRIX 6.5.19f
- SGI IRIX 6.5.19m
- SGI IRIX 6.5.1
- SGI IRIX 6.5.20
- SGI IRIX 6.5.20f
- SGI IRIX 6.5.20m
- SGI IRIX 6.5.21
- SGI IRIX 6.5.21f
- SGI IRIX 6.5.21m
- SGI IRIX 6.5.22
- SGI IRIX 6.5.22m
- SGI IRIX 6.5.23
- SGI IRIX 6.5.24
- SGI IRIX 6.5.25
- SGI IRIX 6.5.26
- SGI IRIX 6.5.27
- SGI IRIX 6.5.2
- SGI IRIX 6.5.2f
- SGI IRIX 6.5.2m
- SGI IRIX 6.5.3
- SGI IRIX 6.5.3f
- SGI IRIX 6.5.3m
- SGI IRIX 6.5.4
- SGI IRIX 6.5.4f
- SGI IRIX 6.5.4m
- SGI IRIX 6.5.5
- SGI IRIX 6.5.5f
- SGI IRIX 6.5.5m
- SGI IRIX 6.5.6
- SGI IRIX 6.5.6f
- SGI IRIX 6.5.6m
- SGI IRIX 6.5.7
- +9 additional
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1214, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1214 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.