CVE-1999-0513 in Linux
Summary
by MITRE
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/17/2026
The vulnerability described in CVE-1999-0513 represents a fundamental flaw in network protocol implementation that enables malicious actors to execute smurf attacks against targeted systems. This vulnerability specifically affects the handling of Internet Control Message Protocol messages when they are directed to broadcast addresses, creating a pathway for distributed denial of service attacks that can overwhelm network resources and render systems unavailable to legitimate users. The security implications extend beyond simple network disruption as they represent a critical weakness in the foundational network infrastructure protocols that govern internet communication.
The technical flaw lies in the improper validation of ICMP message destinations within network implementations, particularly when these messages are directed toward broadcast addresses rather than specific unicast addresses. When systems receive ICMP echo requests or other control messages intended for broadcast addresses, they typically respond by sending replies to the originating address, which in the case of broadcast messages gets amplified across the entire network segment. This amplification factor, combined with the ability to forge source addresses, creates an environment where attackers can generate massive volumes of network traffic that can saturate bandwidth and exhaust system resources. The vulnerability is particularly dangerous because it exploits the legitimate functionality of ICMP protocols while leveraging their broadcast characteristics to amplify attack vectors.
The operational impact of this vulnerability manifests as significant network disruption and service unavailability, with potential for cascading failures across interconnected systems. A successful smurf attack can generate traffic volumes that exceed network capacity, leading to complete denial of service for the targeted network or system. The attack operates by sending ICMP echo requests with spoofed source addresses to broadcast addresses, causing all systems within the broadcast domain to respond to the forged source address, thereby flooding the target with ICMP replies. This type of attack can be executed with minimal resources by attackers and can quickly overwhelm network infrastructure, making it particularly attractive for malicious actors seeking to disrupt services without requiring sophisticated tools or extensive computational resources.
Network administrators and security professionals should implement several mitigation strategies to address this vulnerability, including configuring network devices to drop ICMP messages received on broadcast addresses, disabling ICMP broadcast responses on routers and switches, and implementing proper source address validation. The vulnerability aligns with CWE-1229 which specifically addresses the issue of allowing ICMP messages to broadcast addresses, and it maps to ATT&CK technique T1498 which covers network denial of service attacks. Organizations should also deploy ingress and egress filtering to prevent source address spoofing, configure firewalls to block suspicious ICMP traffic patterns, and implement rate limiting to control the volume of ICMP responses. Additionally, regular network monitoring and intrusion detection systems should be deployed to identify and alert on unusual ICMP traffic patterns that may indicate smurf attack activity. The remediation process requires careful consideration of network architecture and functionality, as disabling legitimate ICMP broadcast responses may impact network diagnostic tools and legitimate network operations that depend on these protocols.