CWE 387

Signal Errors

Category ID: 387 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the improper handling of signals.

Applicable Platforms

Languages

C++

Observed Examples

Reference	Description
CVE-2002-2039	unhandled SIGSERV signal allows core dump
CVE-1999-1224	SIGABRT (abort) signal not properly handled, causing core dump.
CVE-2004-1014	Remote attackers cause a crash using early connection termination, which generates SIGPIPE signal.
CVE-2005-2377	Library does not handle a SIGPIPE signal when a server becomes available during a search query. Overlaps unchecked error condition?
CVE-2002-0839	SIGUSR1 can be sent as root from non-root process.
CVE-1999-1441	Kernel does not prevent users from sending SIGIO signal, which causes crash in applications that do not handle it. Overlaps privileges.
CVE-2000-0747	Script sends wrong signal to a process and kills it.
CVE-1999-1326	Interruption of operation causes signal to be handled incorrectly, leading to crash.
CVE-2001-1180	Shared signal handlers not cleared when executing a process. Overlaps initialization error.
CVE-2004-2069	Privileged process does not properly signal unprivileged process after session termination, leading to connection consumption.
CVE-2004-2259	SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free. Possibly signal handler race condition?
CVE-2005-0893	Certain signals implemented with unsafe library calls.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	361	Time and State	Development Concepts (primary)699
ChildOf	Category	634	Weaknesses that Affect System Processes	Resource-specific Weaknesses (primary)631
ParentOf	Weakness Base	364	Signal Handler Race Condition	Development Concepts699

Affected Resources

System Process

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
PLOVER			Signal Errors

Maintenance Notes

Several sub-categories could exist, but this needs more study. Some sub-categories might be unhandled signals, untrusted signals, and sending the wrong signals.

Content History

Submissions
Submission Date	Submitter	Organization	Source
	PLOVER		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable Platforms, Description, Maintenance Notes, Relationships, Observed Example, Other Notes, Taxonomy Mappings, Type
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated Observed Examples
2009-12-28	CWE Content Team	MITRE	Internal
2009-12-28	updated Other Notes

CWE 387

COMPANY

STANDARDS

RECENT POSTS

MENU