CVE-2001-0905 — Signal Handler Race Condition in Procmail

CWE-364 — Signal Handler Race Condition5 documents5 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 85.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Procmail

Timeline

PublishedOct 18

Latest updateMay 3

Description

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

▶NVDprocmail/procmail3.20

Patches

Patch: ftp.freebsd.org ↗Patch: www.debian.org ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjq2-7fjr-x6vv: Race condition in signal handling of procmail 3↗2022-05-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-07-03

▶

📐Framework References

CWE

Signal Handler Race Condition↗

▶

💬Community

Bugzilla

CVE-2001-0905 security flaw↗2018-08-16

▶