May 30, 2001

Unsafe signal handling in sendmail

Author: JT Smith

"Sendmail signal handlers used for dealing with specific signals (SIGINT, SIGTERM, etc)
are vulnerable to numerous race conditions, including handler re-entry, interrupting
non-reentrant libc functions and entering them again from the handler (see
"References" for more details on this family of vulnerabilities). This set of vulnerabilities
exist because of unsafe library function calls from signal handlers (malloc, free, syslog,
operations on global buffers, etc)." Full details at Help Net Security.

Category:

  • Linux
Click Here!