CVE-1999-1341
Description
Local unprivileged Linux users can forge IP packets via TIOCSETD on tty devices in kernels before 2.3.18/2.2.13pre15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in the Linux kernel before version 2.3.18 or 2.2.13pre15 allows local unprivileged users to send forged IP packets. The bug exists in the code handling the TIOCSETD ioctl on tty devices when SLIP (Serial Line IP) or PPP (Point-to-Point Protocol) support is compiled into the kernel or available as a loadable module [1]. By changing the line discipline on a tty device via TIOCSETD, an attacker can manipulate packet framing and bypass normal IP stack checks, enabling arbitrary packet injection [1].
Exploitation
An attacker needs only a shell account on the target system and does not require any special permissions or setuid binaries. The attacker opens a tty device, uses the TIOCSETD ioctl to switch the line discipline to a SLIP or PPP discipline, and then crafts raw IP packets through that interface. Because the kernel treats the device as a legitimate network interface, the crafted packets are transmitted without the usual restrictions imposed on raw sockets [1]. The attack can be performed without any race condition or user interaction beyond local shell access.
Impact
A successful exploit allows a local unprivileged user to send arbitrary IP packets with forged source addresses and payloads. This capability effectively grants write-only access to a raw IP socket, enabling IP spoofing attacks. The attacker can bypass firewall rules that rely on source addresses for authentication (e.g., NFS, r-services) and launch attacks against internal networks that trust the source IP [1]. The impact is full compromise of IP-layer trust models from the affected machine.
Mitigation
The vulnerability is fixed in Linux kernel version 2.3.18 (with the ac6 patch) and 2.2.13pre15 [1]. Users of older kernels should upgrade to these or later versions. As a workaround, administrators can remove SLIP and PPP support from the kernel (by not compiling or loading the modules) or enforce a default-deny input firewall policy to block untrusted IP packets [1]. No known KEV listing exists for this CVE.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <2.3.18 or <2.2.13pre15
Patches
No patches discovered yet.
References
- marc.info (nvd; Mailing List, Third Party Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/7858 (nvd; Third Party Advisory, VDB Entry)