CVE-1999-0481 in OpenBSDinfo

Summary

by MITRE

Denial of service in "poll" in OpenBSD.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/19/2026

The vulnerability identified as CVE-1999-0481 represents a denial of service condition affecting the poll system call implementation within OpenBSD operating systems. This issue specifically targets the poll function which is used by applications to monitor multiple file descriptors for I/O events, serving as a critical component for asynchronous I/O operations in Unix-like systems. The flaw manifests when the poll system call encounters certain malformed input parameters or edge cases in its processing logic, leading to system instability and potential complete system hang or crash. This vulnerability directly impacts the reliability and availability of services running on OpenBSD systems that depend on proper poll functionality for their operation.

The technical implementation flaw stems from inadequate input validation and error handling within the poll system call handler. When processing certain combinations of file descriptor structures or timeout values, the kernel code fails to properly validate the input parameters before proceeding with the polling operations. This deficiency allows malicious actors or faulty applications to craft specific poll requests that trigger buffer overflows, null pointer dereferences, or infinite loop conditions within the kernel space. The vulnerability operates at the kernel level, making it particularly dangerous as it can compromise the entire system stability without requiring elevated privileges. According to CWE classification, this vulnerability maps to CWE-129: Improper Validation of Array Index, as the system fails to properly validate array indices used in managing file descriptor sets during polling operations.

The operational impact of CVE-1999-0481 extends beyond simple service disruption to potentially enable complete system compromise through sustained denial of service attacks. Attackers can exploit this vulnerability to repeatedly trigger the faulty poll implementation, causing system crashes that may require manual rebooting or result in persistent system unresponsiveness. Network services, web servers, and database applications running on affected OpenBSD systems become vulnerable to disruption, potentially affecting critical infrastructure operations. The vulnerability's exploitation can be automated, making it particularly dangerous in environments where continuous system availability is essential. From an ATT&CK framework perspective, this vulnerability aligns with T1499.004: Endpoint Denial of Service, representing a method for attackers to disrupt system availability through kernel-level flaws.

Mitigation strategies for this vulnerability primarily involve applying the official OpenBSD security patches that address the specific validation issues in the poll system call implementation. System administrators should immediately upgrade to patched versions of OpenBSD that contain the necessary kernel modifications to properly validate input parameters and handle edge cases in poll operations. Additionally, implementing monitoring solutions that can detect unusual poll system call patterns or excessive system resource consumption may help identify exploitation attempts. Network segmentation and access controls can limit potential attack vectors, while regular system auditing and vulnerability scanning should be conducted to ensure complete remediation. Organizations should also consider implementing redundant systems or failover mechanisms to maintain service availability during patch deployment or in case of successful exploitation attempts. The vulnerability highlights the importance of thorough kernel input validation and proper error handling in maintaining system stability and security.

Disclosure

03/22/1999

Moderation

accepted

Entry

VDB-14577

CPE

ready

EPSS

0.00955

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!