Home » Hacking News » Procmail Unsafe Signal Handling Race Condition Vulnerability
Procmail Unsafe Signal Handling Race Condition Vulnerability
by Phiber on September 26th, 2001 The problems lie in several signal handlers used by the program. By generating a signal while a signal handling operation is already in progress, an attacker could interrupt a non-reentrant libc function and enter it again from the handler.
Precise timing in such an attack could possibly result in, for example, heap corruption or interruption during privilege lowering.
- This set of vulnerabilities exist because of reentrant library function calls from signal handlers (malloc, free, syslog, operations on global buffers, etc).
- Conditions where these types of attacks may be possible are known to exist in procmail, which is installed setuid root and locally executable.
Solution:
Procmail Procmail 3.10:
RedHat RPM 5.2 alpha procmail-3.21-0.52.alpha.rpm
ftp://updates.redhat.com/5.2/en/os/alpha/procmail-3.21-0.52.alpha.rpm
RedHat RPM 5.2 i386 procmail-3.21-0.52.i386.rpm
ftp://updates.redhat.com/5.2/en/os/i386/procmail-3.21-0.52.i386.rpm
RedHat RPM 5.2 sparc procmail-3.21-0.52.sparc.rpm
ftp://updates.redhat.com/5.2/en/os/sparc/procmail-3.21-0.52.sparc.rpm
Procmail Procmail 3.11:
Procmail Procmail 3.13:
Procmail Procmail 3.14:
RedHat RPM 6.2 alpha procmail-3.21-0.62.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/procmail-3.21-0.62.alpha.rpm
RedHat RPM 6.2 sparc procmail-3.21-0.62.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/procmail-3.21-0.62.sparc.rpm
RedHat RPM 6.2 i386 procmail-3.21-0.62.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/procmail-3.21-0.62.i386.rpm
RedHat RPM 7.0 i386 procmail-3.21-0.71.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/procmail-3.21-0.71.i386.rpm
RedHat RPM 7.0 alpha procmail-3.21-0.71.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/procmail-3.21-0.71.alpha.rpm
RedHat RPM 7.1 ia64 procmail-3.21-0.71.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/procmail-3.21-0.71.ia64.rpm
RedHat RPM 7.1 i386 procmail-3.21-0.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/procmail-3.21-0.71.i386.rpm
RedHat RPM 7.1 alpha procmail-3.21-0.71.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/procmail-3.21-0.71.alpha.rpm