CVE-1999-1230

MEDIUM 5.0 / 10.0
Published: December 24, 1997 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.

CVSS Metrics

Base Score: 5.0
Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Quake 2 servers are vulnerable to a denial-of-service (DoS) attack. Attackers can exploit a flaw in the server's handling of UDP packets to force the server to repeatedly attempt connections to itself, consuming resources and rendering the server unavailable. This vulnerability is easily triggered and can disrupt online gaming services.

02 // Vulnerability Mechanism

Step 1: Packet Crafting: The attacker crafts a UDP packet. The packet's payload is irrelevant; the key is the source IP address.
Step 2: Source IP Spoofing: The attacker spoofs the source IP address of the UDP packet to 127.0.0.1 (localhost).
Step 3: Packet Delivery: The attacker sends the crafted packet to the target Quake 2 server.
Step 4: Server Processing: The Quake 2 server receives the packet. Due to the spoofed source IP, the server attempts to connect to itself.
Step 5: Recursive Connection Attempts: The server repeatedly attempts to connect to itself, consuming resources and creating a DoS condition.

03 // Deep Technical Analysis

The vulnerability stems from a lack of proper input validation and source address verification in the Quake 2 server's UDP packet handling. Specifically, the server doesn't adequately check the source IP address of incoming packets. When a packet with a spoofed source IP of 127.0.0.1 (localhost) is received, the server attempts to establish a connection to itself. This creates a recursive loop of connection attempts, rapidly consuming server resources such as CPU and network bandwidth, ultimately leading to a DoS condition. The root cause is a missing check or incorrect handling of the source IP address, allowing a malicious actor to trigger a resource exhaustion attack.
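
One way to express the missing source-address check described above, as an added example in C. It is not Quake 2 source code: `accept_datagram`, `check_source`, and the sample addresses and ports are assumptions made for illustration, and the check for the server's own address and port generalizes beyond the 127.0.0.1 case on this page.

```c
/* Added example: hypothetical names, not taken from the Quake 2 source. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True if an IPv4 address (network byte order) lies in 127.0.0.0/8. */
static bool is_loopback_v4(uint32_t addr_be)
{
    return (ntohl(addr_be) & 0xff000000u) == 0x7f000000u;
}

/* Decide whether a received datagram may reach the game protocol handler.
 * from: source as reported by recvfrom(); bound_*: the server socket's own
 * address and port, both in network byte order. */
bool accept_datagram(const struct sockaddr_in *from, uint32_t bound_be,
                     uint16_t bound_port_be)
{
    if (from->sin_family != AF_INET || from->sin_port == 0)
        return false;               /* not IPv4, or no port to reply to */
    if (is_loopback_v4(from->sin_addr.s_addr) && !is_loopback_v4(bound_be))
        return false;               /* loopback source arriving off-host */
    if (from->sin_addr.s_addr == bound_be && from->sin_port == bound_port_be)
        return false;               /* a reply would be sent to ourselves */
    return true;
}

/* Text-address wrapper: 1 = accept, 0 = drop, -1 = unparsable address. */
int check_source(const char *src_ip, uint16_t src_port,
                 const char *bound_ip, uint16_t bound_port)
{
    struct sockaddr_in from;
    struct in_addr bound;
    memset(&from, 0, sizeof from);
    from.sin_family = AF_INET;
    from.sin_port = htons(src_port);
    if (inet_pton(AF_INET, src_ip, &from.sin_addr) != 1 ||
        inet_pton(AF_INET, bound_ip, &bound) != 1)
        return -1;
    return accept_datagram(&from, bound.s_addr, htons(bound_port)) ? 1 : 0;
}
int main(void)
{
    /* Constructed sample values: documentation addresses, arbitrary ports. */
    printf("spoofed 127.0.0.1 -> %d\n", check_source("127.0.0.1", 27910, "192.0.2.10", 27910));
    printf("remote client     -> %d\n", check_source("198.51.100.7", 27901, "192.0.2.10", 27910));
}
```

A server bound to a wildcard address cannot make this decision from the bound address alone and would need to know the receiving interface for each datagram.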
