CVE-1999-0414

Linux Kernel - TCP Connection Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0414.

AI-analyzed exploit summary This exploit demonstrates blind TCP spoofing against Linux kernels in the 2.0.3x range by leveraging predictable IP ID assignment and invalid ACK sequence number handling. It uses ICMP echo requests to infer packet responses and establish a spoofed connection.

Description

In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Exploits (1)

exploitdb WORKING POC

cremotelinux

https://www.exploit-db.com/exploits/19458

View Code ZIP pw:eip

This exploit demonstrates blind TCP spoofing against Linux kernels in the 2.0.3x range by leveraging predictable IP ID assignment and invalid ACK sequence number handling. It uses ICMP echo requests to infer packet responses and establish a spoofed connection.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Complex

Reliability

Racy

Target: Linux kernel 2.0.3x

No auth needed

Prerequisites: Spoofed machine must be offline or unreachable · Target machine must not be actively communicating · No packet loss between attacker and target

MITRE ATT&CK

T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0414

Scores

EPSS 0.0668

EPSS Percentile 91.5%

Details

Status published

Products (4)

linux/linux_kernel 2.0.30

linux/linux_kernel 2.0.35

linux/linux_kernel 2.0.36

linux/linux_kernel 2.0.37

Published Mar 01, 1999

Tracked Since Feb 18, 2026