Debian Security Advisory
DSA-083-1 procmail -- insecure signal handling
- Date Reported: 18 Oct 2001
- Affected Packages: procmail
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2001-0905.
- More information:
Using older versions of procmail it was possible to make procmail
crash by sending it signals. On systems where procmail is installed
setuid this could be exploited to obtain unauthorized privileges.
This problem has been fixed by the upstream maintainer in version 3.20, which is included in Debian unstable. The fix was also backported to version 3.15.2, which is available for the stable Debian GNU/Linux 2.2.
We recommend that you upgrade your procmail package immediately.
- Fixed in: Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2-1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2-1.dsc
- http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/procmail_3.15.2-1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/procmail_3.15.2-1_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/procmail_3.15.2-1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/procmail_3.15.2-1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/procmail_3.15.2-1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/procmail_3.15.2-1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.