Signal Errors| ID: 387 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: category | Status: INCOMPLETE |
Description
Weaknesses in this category are related to the improper
handling of signals.
Applicable PlatformsLanguage: CLanguage: C++
Common ConsequencesNone
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-387 ChildOf CWE-634 | Category | CWE-631 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2002-2039 : unhandled SIGSERV signal allows core dump
- CVE-1999-1224 : SIGABRT (abort) signal not properly handled, causing core dump.
- CVE-2004-1014 : Remote attackers cause a crash using early connection termination, which generates SIGPIPE signal.
- CVE-2005-2377 : Library does not handle a SIGPIPE signal when a server becomes available during a search query. Overlaps unchecked error condition?
- CVE-2002-0839 : SIGUSR1 can be sent as root from non-root process.
- CVE-1999-1441 : Kernel does not prevent users from sending SIGIO signal, which causes crash in applications that do not handle it. Overlaps privileges.
- CVE-2000-0747 : Script sends wrong signal to a process and kills it.
- CVE-1999-1326 : Interruption of operation causes signal to be handled incorrectly, leading to crash.
- CVE-2001-1180 : Shared signal handlers not cleared when executing a process. Overlaps initialization error.
- CVE-2004-2069 : Privileged process does not properly signal unprivileged process after session termination, leading to connection consumption.
- CVE-2004-2259 : SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free. Possibly signal handler race condition?
- CVE-2005-0893 : Certain signals implemented with unsafe library calls.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Signal Errors | |
References:None
