J-Security Center

Title: Procmail Unsafe Signal Handling Race Condition Vulnerability

Severity: MODERATE

Description:

Several potential race condition vulnerabilities exist in Procmail.

The problems lie in several signal handlers used by the program. By generating a signal while a signal handling operation is already in progress, an attacker could interrupt a non-reentrant libc function and enter it again from the handler. Precise timing in such an attack could possibly result in, for example, heap corruption or interruption during privilege lowering.

This set of vulnerabilities exists because signal handlers call non-reentrant library functions (malloc, free, syslog, operations on global buffers, etc.).

Conditions where these types of attacks may be possible are known to exist in procmail, which is installed setuid root and locally executable.

Affected Products:

  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • Procmail Procmail 3.10.0
  • Procmail Procmail 3.11.0
  • Procmail Procmail 3.13.0
  • Procmail Procmail 3.14.0
  • Procmail Procmail 3.15.0
  • Procmail Procmail 3.20.0
  • RedHat Linux 5.2.0
  • RedHat Linux 6.2.0
  • RedHat Linux 7.0.0
  • RedHat Linux 7.1.0
