CVE-2001-0905 - Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local us

CVE-2001-0905

Summary

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

References

Vulnerable Configurations

cpe:2.3:a:procmail:procmail:3.12:*:*:*:*:*:*:*
cpe:2.3:a:procmail:procmail:3.12:*:*:*:*:*:*:*
cpe:2.3:a:procmail:procmail:3.20:*:*:*:*:*:*:*
cpe:2.3:a:procmail:procmail:3.20:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa

id	RHSA-2001:093

refmap via4

bid	3071
conectiva	CLA-2001:433
debian	DSA-083
freebsd	FreeBSD-SA-01:60
mandrake	MDKSA-2001:085
xf	procmail-signal-handling-race(6872)

Last major update

10-10-2017 - 01:29

Published

18-10-2001 - 04:00

Last modified

10-10-2017 - 01:29