CVE-1999-0305

CVSS 5.0 - MEDIUM

Description

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

Affected Products

6

Vendor	Product	Version
bsdi	bsd_os	`All versions`
freebsd	freebsd	`2.2`
freebsd	freebsd	`2.2.5`
openbsd	openbsd	`2.0`
openbsd	openbsd	`2.1`
openbsd	openbsd	`2.2`

References

http://www.openbsd.org/advisories/sourceroute.txt

http://www.osvdb.org/11502

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://www.openbsd.org/advisories/sourceroute.txt

http://www.osvdb.org/11502

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-1999-0305
Published:: 1998-02-01
Modified:: 2026-04-16
CVSS Score:: 5.0
Severity:: MEDIUM
Vector:: AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Vendors

bsdi freebsd openbsd

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL