CVE-2001-1180 | Vulnerability Database | Aqua Security

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

Affected Software

Name	Vendor	Start Version	End Version
Freebsd	Freebsd	4.0 (including)	4.0 (including)
Freebsd	Freebsd	4.1 (including)	4.1 (including)
Freebsd	Freebsd	4.2 (including)	4.2 (including)
Freebsd	Freebsd	4.3 (including)	4.3 (including)

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
http://www.kb.cert.org/vuls/id/943633
http://www.osvdb.org/1897
http://www.securityfocus.com/bid/3007
https://exchange.xforce.ibmcloud.com/vulnerabilities/6829
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
http://www.kb.cert.org/vuls/id/943633
http://www.osvdb.org/1897
http://www.securityfocus.com/bid/3007
https://exchange.xforce.ibmcloud.com/vulnerabilities/6829

NVD	https://nvd.nist.gov/vuln/detail/CVE-2001-1180
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html