# OS Date Reported Race Category Resource Package Other Entities Involved State Cause Effect Link _________________________________ 1 ubuntu 10.04 6/18/2010 dependency process samba nmbd startup nmdb tries to start before samba has service has finished setting up nmbd fails to start at boot https://bugs.launchpad.net/ubuntu/maverick/+source/samba/+bug/596064 _________________________________ 2 ubuntu 7.04 2/12/2007 dependency device lvm2 "schroot, mdadm, udev, devicemapper" startup sometimes devices are not ready before the two packages start up snapshot fails to load https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/84672 _________________________________ 3 ubuntu 9.10 11/5/2009 dependency file system mountall, cryptsetup udev, mkfs boot only? /dev/mapper/tmp not ready when mkft is run on it files are not mounted https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/475936 _________________________________ 4 ubuntu 9.10 11/17/2009 dependency process nfs-utils, portmap statd boot only? process tries to start twice mountall event fails https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/484209 _________________________________ 5 ubuntu 10.04 5/24/2010 dependency device multipath-tools udev, dmsetup post-startup multipath does not create a seperate /dev/mapper entry dmsetup reports map already present https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/585027 _________________________________ 6 ubuntu 10.04 7/28/2010 dependency process nfs-utils statd, upstart startup (boot) statd job starts before service is listening nfs filesystems fail to mount successfully after boot https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/610863 _________________________________ 7 debian 3.1 11/30/2004 atomicity file bash post-startup file being concurrently written .bash_history is deleted https://bugs.launchpad.net/debian/+source/bash/+bug/10809 _________________________________ 8 ubuntu 10.04 4/14/2010 dependency process at-spi gnome, gdmsetup boot only message sent to at-spi-registryd before it has fully started GNOME unusable https://bugs.launchpad.net/ubuntu/+source/at-spi/+bug/562776 _________________________________ 9 ubuntu 10.04 7/26/2010 dependency device udev boot only md-RAID is not ready in time RAID drive inaccessable https://bugs.launchpad.net/ubuntu/+source/udev/+bug/610107 _________________________________ 10 ubuntu 9.04 2/8/2009 dependency process ltsp (network) startup init scripts race with each other can't connect to server https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/326779 _________________________________ 11 ubuntu 8.04 11/15/2008 dependency ? (startup script?) screen upstart boot only? /etc/init.d/screen-cleanup runs too early during startup screen command runs with wrong permissions https://bugs.launchpad.net/ubuntu/+source/screen/+bug/298414 _________________________________ 12 ubuntu 10.04 5/3/2010 dependency ? (startup script?) screen "upstart, mounted-varrun" boot only? /etc/rcS.d/S70screen-cleanup runs too early during startup /var/run/screen': Permission denied https://bugs.launchpad.net/ubuntu/+source/screen/+bug/574773 _________________________________ 13 ubuntu 10.04 12/10/2010 dependency file mysql, sysvinit umount, shutdown shutdown file system never unmounted because sql is still using it file system corrupted https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/688541 _________________________________ 14 ubuntu 9.10 11/14/2010 atomicity signal mysql, dash mariadb post-startup dash loses an exit signal during wait so it loops forever cpu is at 100% usage https://bugs.launchpad.net/ubuntu/+source/dash/+bug/675185 _________________________________ 15 ubuntu 10.10 10/20/2010 ? ? parted udev, chroot post-startup "no backwards compatible udevdm to respond to newer version udevadm after a partition change" devices stalled until timeout https://bugs.launchpad.net/ubuntu/maverick/+source/parted/+bug/664115 _________________________________ 16 ubuntu 10.04 2/21/2010 dependency file system nfs-utils, portmap statd, upstart boot only? "statd.conf start races with the mounting of /var as rpc.statd needs /var/lib/nfs to be available in dependency to work" system fails to boot https://bugs.launchpad.net/ubuntu/lucid/+source/portmap/+bug/525154 _________________________________ 17 ubuntu 10.04 12/13/2010 dependency process ifupdown "upstart, network interface" boot only? upstart script does not block list jobs network starts without security https://bugs.launchpad.net/ubuntu/natty/+source/ifupdown/+bug/689892 _________________________________ 18 ubuntu 10.04 12/8/2010 dependency process openssh, upstart boot only? "after ssh forks and has its parent exit, upstart thinks ssh crashed and tries to restart it" ssh fails https://bugs.launchpad.net/ubuntu/lucid/+source/openssh/+bug/687535 _________________________________ 19 ubuntu 12/2/2010 atomicity file scribe2 post-startup "two overlapping processes both read the same scandata and write out two different modified forms" the last write to finish is saved https://bugs.launchpad.net/scribe2/+bug/684492 _________________________________ 20 ubuntu 12/1/2010 dependency file zodb nfs (network) post-startup client tries to read mounted file before it is saved to server unable to read file https://bugs.launchpad.net/zodb/+bug/683763 _________________________________ 21 ubuntu 11/24/2010 dependency file bazaar sftp (network) post-startup shared file not closed by either client or server unable to move file https://bugs.launchpad.net/bzr/+bug/681047 _________________________________ 22 ubuntu 11/16/2010 memory? memory? openssl post-startup flaw in OpenSSL TLS server extension code parsing buffer overflow https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/676243 _________________________________ 23 ubuntu 11/13/2010 dependency file net-tools "ifconfig, network-manager" boot only? "network-manager does dhcp discovery long after startup, so you can't use ifconfig to set the address before that" ip address is reset https://bugs.launchpad.net/ubuntu/+source/net-tools/+bug/674838 _________________________________ 24 ubuntu 11/10/2010 atomicity device usb-modeswitch kernel drivers post-startup usb device is claimed by kernel drivers during usb-modeswitch configuration switch fails https://bugs.launchpad.net/ubuntu/+source/usb-modeswitch/+bug/673435 _________________________________ 25 ubuntu 10.10 10/12/2010 dependency device mountall fsck boot only? file system is busy with fsck mount fails https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/659492 _________________________________ 26 ubuntu 10.04 10/8/2010 ? ? update-manager post-startup freespace check fails, file not found updates are not installed https://bugs.launchpad.net/ubuntu/lucid/+source/update-manager/+bug/656881 _________________________________ 27 ubuntu 10.10 10/6/2010 dependency file system upstart mountall boot only "if /tmp and /usr are different filesystems, mounted-tmp starts on mounted /tmp, but no sync is done to verify if /usr is already mounted." other mounts fail https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/655447 _________________________________ 28 ubuntu 6.01 4/23/2006 dependency file mutt, openoffice post-startup mutt deletes the /tmp file immediately after openoffice opens the file word documents display as corrupted when displayed out of mutt https://bugs.launchpad.net/ubuntu/+source/mutt/+bug/40930 _________________________________ 29 ubuntu 10.10 9/22/2010 dependency ? indicator-app-menu bamf, mutter post-startup a window is closed immediately after being opened closed windows are processed by mutter https://bugs.launchpad.net/ubuntu/+source/indicator-appmenu/+bug/645355 _________________________________ 30 ubuntu 9/20/2010 memory memory play framework post-startup increment, add, and replace methods are not syncrhonized operations can be completely lost https://bugs.launchpad.net/play/+bug/643232 _________________________________ 31 ubuntu 10.04 8/19/2010 dependency process mysql, upstart post-startup mysql is killed while there are open connections that take longer than 5s tables are corrupted https://bugs.launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/+bug/620441 _________________________________ 32 ubuntu 10.10 9/15/2010 dependency process aptdaemon update-manager post-startup apt-get and aptdaemon do not share file locks correctly "if apt-get is called then update manager is opened it gives an error saying packag indices are broken" https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/639847 _________________________________ 33 ubuntu 10.10 9/15/2010 dependency process indicator-sound startup the service has not yet instantiated the volume widget sound menu service crashes https://bugs.launchpad.net/indicator-sound/+bug/638891 _________________________________ 34 ubuntu 10.04 9/6/2010 dependency process resolvconf "ifupdown, upstart, network-manager" boot only? resolvconf script is run before networking and ifupdown at startup "resolvconf startup script erases the DNS entries for the dhcpobtain DNS addresses on a server" https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/631681 _________________________________ 35 ubuntu 10.10 8/18/2010 dependency signal keepalived vlan, (network) startup adding a third machine to be master of an existing cluster datacenter disruptions due to gratious arp/multicast floods https://bugs.launchpad.net/ubuntu/maverick/+source/keepalived/+bug/619712 _________________________________ 36 ubuntu 10.04 8/24/2010 dependency process network-manager autofs boot only? network interface is not started in time for autofs to start cannot automount network drives after boot https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/623502 _________________________________ 37 ubuntu 10.10 8/23/2010 dependency process eucalyptus upstart, walrus, cc boot only? uec-component-listener starts too early walrus and cc fail to register, sc loops waiting for a cluser https://bugs.launchpad.net/ubuntu/maverick/+source/eucalyptus/+bug/622698 _________________________________ 38 ubuntu 8/12/2010 dependency signal zeitgeist-datahub startup "signal is delivered before reply to DataSourceRegister updating the timestamp" history from GtkRecentManager is not pushed https://bugs.launchpad.net/zeitgeist-datahub/+bug/616778 _________________________________ 39 ubuntu 10.04 8/5/2010 dependency file system mountall statd, upstart boot only? statd is not guaranteed to be in a running state when mountall starts nfs filesystems fail to mount successfully after boot https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/613825 _________________________________ 40 ubuntu 10.04 7/30/2010 dependency file system ifupdown "network-interface, mountall" boot only? "pre-start script references /var/run but /var/run is only available after mountall sends the ""local-filesystems"" event" upstart network-interface.conf fails https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/611877 _________________________________ 41 ubuntu 10.04 7/27/2010 dependency device network-manager-openvpn network-manager startup "when openvpn connects to a server with default settings, it applies the IP address information" network manager cannot apply the IP address to a TUN device https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/610361 _________________________________ 42 ubuntu 10.10 7/16/2010 dependency device xserver libdrm, initrd startup "drm stack is not included into initrd using FRAMEBUFFER=yes with initramfs-tools" X fails to find a screen https://bugs.launchpad.net/ubuntu/+source/linux/+bug/606244 _________________________________ 43 ubuntu 10.10 7/8/2010 dependency signal apache2 php5 startup reload signal is sent before the server has registered its signal handlers php files are not processed unless apache is restarted https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/603192 _________________________________ 44 ubuntu 10.10 7/1/2010 dependency process notify-osd dbus boot only? notify-osd is registered by a depricated version which does not start it notify-osd daemon is not started https://bugs.launchpad.net/ubuntu/+source/notify-osd/+bug/600508 _________________________________ 45 ubuntu 10.10 6/1/2010 atomicity signal unity post-startup "a window is selected by click and last_selected_clone gets set to null until the click is processed" mouse move event is lost https://bugs.launchpad.net/ubuntu/+source/unity/+bug/588299 _________________________________ 46 ubuntu 10.04 4/13/2010 dependency process checkbox gconftool, (browsers) post-startup return code variable is used when communicating with gconftool to get the preferred browser configuration instead of wait() "Checkbox-gtk starts Firefox for viewing summary report instead of default browser." https://bugs.launchpad.net/ubuntu/lucid/+source/checkbox/+bug/562580 _________________________________ 47 ubuntu 10.04 5/26/2010 dependency device "cdrom-detect, debian-installer" boot only? usb drive has not settled when the debian installer checks for it debian installer can't mount cd image off flash drive https://bugs.launchpad.net/ubuntu/karmic/+source/cdrom-detect/+bug/586036 _________________________________ 48 ubuntu 1/8/2011 dependency process appscale run-instances, upload-app, (network) post-startup app data is uploaded before scp has been called "the appengine nodes will attempt to copy the app from the head node to their machine before the user's box (where the tools are run)" https://bugs.launchpad.net/appscale/+bug/700455 _________________________________ 49 ubuntu 10.04 5/27/2010 ? ? software-center post-startup ? software-center crashed with TypeError in display_search() https://bugs.launchpad.net/ubuntu/lucid/+source/software-center/+bug/586306 _________________________________ 50 ubuntu 5/27/2010 dependency socket txzookeeper (network) startup "during connect, the timeout method does not check to see if it has connected" connection can timeout and still connect at the same time https://bugs.launchpad.net/txzookeeper/+bug/586490 _________________________________ 51 ubuntu 9.10 4/28/2010 dependency device multipath-tools, libvirt post-startup see Bug: #585027, device resources are never released multipath + libvirtd leak memory over time https://bugs.launchpad.net/debian/+source/libvirt/+bug/571093 _________________________________ 52 ubuntu 10.04 5/21/2010 dependency process kdebase ssh, (network) post-startup everytime a process starts, it starts a duplicate of itself two processes try to bind to the same tcp-port https://bugs.launchpad.net/ubuntu/+source/kdebase/+bug/583695 _________________________________ 53 ubuntu 10.04 5/2/2010 dependency process gnome-keyring "dbus, empathy, evolution" boot only? gnome-keyring-daemon couldn't connect to dbus session bus gnome-keyring-daemon fails to start https://bugs.launchpad.net/null/+bug/573387 _________________________________ 54 ubuntu 3/3/2010 TOCTOU file emacs, movemail post-startup "permission to read/write the input and output files is checked using access() before opening them without further checking later in the code" application is open to attacks https://bugs.launchpad.net/ubuntu/+bug/531569 _________________________________ 55 ubuntu 3/31/2010 dependency socket mysql, wserp post-startup close_connections() is called before wsrep->disconnect() in shutdown  "races in shutdown and configuration changes for committing transactions" https://bugs.launchpad.net/codership-mysql/0.8/+bug/552465 _________________________________ 56 ubuntu 10.10 5/11/2010 ? ? unity mutter, libwnck post-startup "use of libwnck inside the mutter plugin, causes a race with mutter's main loop" icons and panels don't appear on desktop after application closes https://bugs.launchpad.net/unity/+bug/578956 _________________________________ 57 ubuntu 5/5/2010 dependency file phatch imtools, lib/thumbnail post-startup fopen() should not be used on files opened with mkstemp() file busy error https://bugs.launchpad.net/ubuntu/+source/phatch/+bug/576061 _________________________________ 58 ubuntu 10.04 5/4/2010 dependency process udev, ifupdown network-interface boot only? /etc/init/network-interface.conf grabs the name originally detected by the kernel and runs ifup on it before udev has had a chance to rename the interfaces "network interface names do not correspond to the actual interfaces they are supposed to correspond to" https://bugs.launchpad.net/ubuntu/+source/udev/+bug/575244 _________________________________ 59 ubuntu 5/1/2010 dependency socket bonecp sql post-startup connection is held for too long in the pool shutdown phase (eventually since you're looping, the DB runs out of connections) pool termination can race and not release the DB connection https://bugs.launchpad.net/bonecp/+bug/573225 _________________________________ 60 ubuntu 10.04 4/30/2010 dependency signal wakealarm rtc (waking from sleep) "when system is resuming after sleep, if the time has been set to the future, the system will misreport the alarm event firing" alarm event will not trigger https://bugs.launchpad.net/ubuntu/+source/linux/+bug/571977 _________________________________ 61 ubuntu 4/30/2010 dependency file system upstart, nfs-utils statd, gssd boot only? see bug: #525154, gssd needs /var mounted as well system fails to boot https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/571966 _________________________________ 62 ubuntu 4/28/2010 dependency file bazaar qrevert post-startup race condition somewhere in bzr-explorer, or qrevert doesn't unlock "error: bazaar cannot open file because it is being used by another process" https://bugs.launchpad.net/bzr-explorer/+bug/571106 _________________________________ 63 ubuntu 4/21/2010 dependency file patch-queue-manager bazaar post-startup ? queue still thinks file is present after it has been deleted https://bugs.launchpad.net/pqm/+bug/568044 _________________________________ 64 ubuntu 10.04 4/19/2010 dependency file gnome-volume-manager usb device post-startup ? "usb device is reported as safe to unplug, then after there is another message saying a process holds a lock on a file in the drive" https://bugs.launchpad.net/ubuntu/+source/gnome-volume-manager/+bug/566549 _________________________________ 65 ubuntu 4/17/2010 memory semaphore sbcl post-startup "semaphore is received, but because of an interrupt the notification code is never run" there is no notification when a semaphore is released https://bugs.launchpad.net/sbcl/+bug/565419 _________________________________ 66 ubuntu 10.04 4/7/2010 dependency device pulseaudio "module-udev-detect, module-default-device-restore" post-startup module-udev-detect races with module-default-device-restore external usb sound card is not detected properly https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/557421 _________________________________ 67 ubuntu 10.04 3/24/2010 dependency file system upstart gssd, nfs-utils boot only? "startup job runs at the same time as the mounting of /usr which is required to run the job" upstart job has a status of started/running but no pid https://bugs.launchpad.net/upstart/+bug/545673 _________________________________ 68 ubuntu 10.04 3/12/2010 dependency file system nvidia-graphics-drivers upstart boot only? "upstart is not able to access /usr/lib during boot because it is on a separate partition" "System fails to blacklist nouveau and as a result nvidia drivers are unable to claim the device and boot" https://bugs.launchpad.net/ubuntu/lucid/+source/fglrx-installer/+bug/538071 _________________________________ 69 ubuntu 10.04 3/25/2010 dependency file system mountall, nfs-utils statd boot only? "mountall sometimes tries to mount NFS filesystems before rpc.statd has started" console error of the following - mount.nfs: rpc.statd is not running but is required for remote locking https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/547139 _________________________________ 70 ubuntu 9.10 3/18/2010 dependency process nfs-utils portmap, statd boot only? /etc/init/portmap.conf may run in parallel to /etc/init/rc-sysinit.conf nfs-kernel-server fails to start and network files cannot be mounted https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/540637 _________________________________ 71 Red Hat 5.6 1/21/2011 memory memory libvirt post-startup "Libvirt has a race window where event handlers make reference to a callback handler retrieved from an array that can be simultaneously reallocated by other threads." "callback will be called with stale data; or even worse, libvirt will crash when accessing invalidated memory" https://bugzilla.redhat.com/show_bug.cgi?id=671569 _________________________________ 72 Red Hat 5.5 1/19/2011 memory memory kernel post-startup race condition checking/accessing the acpi_bus_event_list panic in kfree() due to race condition in acpi_bus_receive_event() https://bugzilla.redhat.com/show_bug.cgi?id=670797 _________________________________ 73 Red Hat 4.9 1/5/2011 memory memory kernel post-startup "race between lseek() (triggered by a rewinddir()) and readdir() where the lseek() resets the file pointer while proc_pid_readdir() is using it" system panics https://bugzilla.redhat.com/show_bug.cgi?id=644726 _________________________________ 74 Red Hat 6.0 12/21/2010 dependency process libvirt, radvd post-startup? "radvd uses daemonize() to daemonize itself, then creates its pidfile afterwards. This means that the process that exec'ed radvd will get back control before the pidfile has been created and/or populated" libvertd does not learn the pid https://bugzilla.redhat.com/show_bug.cgi?id=664783 _________________________________ 75 Fedora 13 9/24/2010 memory memory libical post-startup multiple threads call icaltimezone_get_component() for the same zone, it can be populated by icaltimezone_load_builtin_timezone() multiple times simultaneously "bad things happen" https://bugzilla.redhat.com/show_bug.cgi?id=637150 _________________________________ 76 Red Hat 6.1 12/15/2010 memory memory vdsm post-startup race occurred when trying to suspend 10 vms at once while there is no space left on vg. TypeError: 'NoneType' object is unsubscriptable https://bugzilla.redhat.com/show_bug.cgi?id=663389 _________________________________ 77 Red Hat 6.0 11/16/2010 TOCTOU socket spice-client post-startup "creating a socket with the expected name allows the incorrect information to be passed across the socket" security impact https://bugzilla.redhat.com/show_bug.cgi?id=653848 _________________________________ 78 Red Hat 6.0 11/9/2010 memory memory kernel post-startup "read() path finds a page in the page cache that is not yet fully read from disk but truncated again before the reader acquires the page lock" kernel crashes https://bugzilla.redhat.com/show_bug.cgi?id=651373 _________________________________ 79 Red Hat 5.3 10/25/2010 memory memory kernel post-startup "d_splice_alias drops dcache_lock before calling d_move to perform the splice, it could race with another thread calling d_splice_alias to splice the inode in with a different name in a different part of the tree" system panics https://bugzilla.redhat.com/show_bug.cgi?id=646359 _________________________________ 80 Red Hat 6.1 10/20/2010 dependency file saveState vdsm post-startup? "saveState creates a recovery file before statistics thread is created, recovery file for that vm has wrong parameter (0), in case service (vdsm) is restarted and no change is performed to that vm, then vm will be presented as running with some vague time." some vms are reported as running for 14902 days https://bugzilla.redhat.com/show_bug.cgi?id=644847 _________________________________ 81 Red Hat 5.5 10/6/2010 dependency signal scsi post-startup? "mptspi controller experiences a reset, causing a scsi device to undergo domain validation and become stuck in QUIESCE state" "With the sg 'command inserted into the head of the queue, no commands will run from the request queue, domain validation is unable to complete, and the scsi device is stuck in QUIESCE state." https://bugzilla.redhat.com/show_bug.cgi?id=640839 _________________________________ 82 Red Hat 6.0 10/4/2010 memory memory iscsi-initiator-utils post-startup "single threaded scheduler handles this INVALID_HOST message asynchronously from within the re-open path" "race condition can be observed in the ISCSI_ERR_INVALID_HOST handling in open-iscsi when it is being issued immediately after the reception of the ISCSI_ERR_CONN_FAILED nl message to execute the re-open path" https://bugzilla.redhat.com/show_bug.cgi?id=640115 _________________________________ 83 Red Hat 5.5 10/1/2010 memory memory device-mapper-multipath startup only? "multipathd's pthreads are created with the default deferred cancellation type. This means that the thread will continue to run until it calls a function that is a defined cancellation point" multipathd segfaults due to shutdown race https://bugzilla.redhat.com/show_bug.cgi?id=639429 _________________________________ 84 Red hat 5.4 9/30/2010 memory memory aio_complete() post-startup "There is a missing memory barrier in the current aio_complete in the RHEL4 kernels causing a race between read_events/aio_complete causing the thread in read_events to sleep indefinitely" process hangs https://bugzilla.redhat.com/show_bug.cgi?id=638868 _________________________________ 85 Red Hat 5.5 9/30/2010 ? kernel race in pid generation that causes pids to be reused immediately sometimes a signal kills the wrong process accidentally https://bugzilla.redhat.com/show_bug.cgi?id=638866 _________________________________ 86 Red Hat 5.6 12/22/2010 dependency socket sctp, icmp protocol sockets post-startup? race between ICMP protocol unreachable and connect() crashed in network interrupt https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526 _________________________________ 87 Red Hat 5 8/2/2010 TOCTOU socket spice-xpi, qspice-client sockets post-startup time of check, time of use vulnerability "a local attacker is able to create a unix socket with the expected name that is used for parameter passing" https://bugzilla.redhat.com/show_bug.cgi?id=620350 _________________________________ 88 Red Hat 5.5 9/29/2010 dependency process dasd "CQR (Channel Queue Request)" post-startup? "wait condition checked the status and devlist fields of the CQR to determine if it is safe to continue. This evaluation may have returned true, although the tasklet did not finish processing the CQR and the callback function had not been called yet" data in the CQR is invalid https://bugzilla.redhat.com/show_bug.cgi?id=638579 _________________________________ 89 Red Hat 1/8/2009 dependency socket messaging-broker post-startup error in the 'DispatchHandle' class implementation cluster broker crashes with race condition in DispatchHandle https://bugzilla.redhat.com/show_bug.cgi?id=479326 _________________________________ 90 Red Hat 5.2 12/2/2008 memory memory fork post-startup? deadlocks occur if system functions are called between fork and exec application hangs https://bugzilla.redhat.com/show_bug.cgi?id=474181 _________________________________ 91 Red Hat 4 9/26/2007 memory memory ps, kernel post-startup vma list is locked while copying data to the userspace program and ps hang https://bugzilla.redhat.com/show_bug.cgi?id=306971 _________________________________ 92 Red Hat 10/4/2010 TOCTOU file JDK post-startup Race condition in the way objects were deserialized "an untrusted applet or application to misuse the privileges of the user running the applet or application" https://bugzilla.redhat.com/show_bug.cgi?id=639876 _________________________________ 93 Red Hat 5 11/28/2008 TOCTOU file perl post-startup Race condition in the rmtree function "local users can create arbitrary setuid binaries in the tree being deleted" https://bugzilla.redhat.com/show_bug.cgi?id=473450 _________________________________ 94 Red Hat 8/11/2009 memory memory JDK post-startup "Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors" security vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=516834 _________________________________ 95 Red Hat 5.3 3/11/2009 TOCTOU files systemtap post-startup "due to checkpath() checking the path (the module_realpath variable), but not later using the path to open the file." " user in the stapusr group can effectively elevate privileges to group stapdev or root by allowing for the execution of kernel objects outside of the root-owned /lib/modules/$VERSION/systemtap/ directory" https://bugzilla.redhat.com/show_bug.cgi?id=489808 _________________________________ 96 Red Hat / Fedora 2/15/2010 dependency system gtk post-startup race condition between two subsequent actions -- shaking the unlock dialog and clearing the screen gnome screensaver crashes https://bugzilla.redhat.com/show_bug.cgi?id=565527 _________________________________ 97 Red Hat 4 2/25/2007 TOCTOU file xdm post-startup "user's Xsession errors file have weak permissions before a chmod is performed" local users to read Xsession errors files of other users. https://bugzilla.redhat.com/show_bug.cgi?id=230007 _________________________________ 98 Red Hat 4 7/31/2008 dependency interrupt kernel post-startup " If cpu_online_map is cleared and it is interrupted immediately, __smp_call_function() refers it as num_online_cpus()-1. this will be -1. Therefore, __smp_call_function() will be infinite loop." "If panic occurs in shutdown process, the system may hang up without oops messages." https://bugzilla.redhat.com/show_bug.cgi?id=457409 _________________________________ 99 Red Hat 5.5 2/16/2010 dependency registers "driver, bootcode on 57765 A0 devices" startup? "The problem is that the bootcode will access and modify registers that are also used by the driver." "Register corruption is the consequence, which results in poor and possible kernel panics." https://bugzilla.redhat.com/show_bug.cgi?id=565965 _________________________________ 100 Red Hat 5.5 9/24/2010 memory memory glibc, kernel post-startup bug when 'MALLOC_CHECK_' feature was enabled causing a race condition in the 'free' function internal heap corruption in a multi-threaded application. https://bugzilla.redhat.com/show_bug.cgi?id=637067 _________________________________ 101 Red Hat 5.5 7/26/2010 dependency memory mapping kvm, spice post-startup "conflict that initiated when a virtual machine was initially run and then migrated right away." migration process fails on virtual machine https://bugzilla.redhat.com/show_bug.cgi?id=618205 _________________________________ 102 Red Hat 4.6 6/17/2008 dependency file kernel file io processes post-startup "race condition may have been encountered between dio_bio_end_aio() and dio_await_one()." direct I/O is left waiting indefinitely on an I/O process that has already completed. https://bugzilla.redhat.com/show_bug.cgi?id=451819 _________________________________ 103 Red Hat 4.6 12/18/2007 dependency file cifs post-startup cifs_write() vs cifs_close() race file is closed before it is finished being written to https://bugzilla.redhat.com/show_bug.cgi?id=426080 _________________________________ 104 Red Hat 4.6 2/17/2008 dependency file system nfs, umount post-startup "nfs_access_cache_shrinker() calls i_grab() without s_umount, so it can be racing with umount" " user perform umount while system is reclaiming nfs access slab cache, it probably result in busy inode after umount" https://bugzilla.redhat.com/show_bug.cgi?id=433249 _________________________________ 105 Red Hat 5.2 4/10/2008 dependency device mptscsi, hotremove post-startup "a device is hot-removed from an mptscsi controller while an error handler that will attempt a bus reset is outstanding, the call to mptscsih_bus_reset may end up accessing the vdevice structure (stored in SCpnt->device->hostdata) after it has been freed" kernel oops https://bugzilla.redhat.com/show_bug.cgi?id=441832 _________________________________ 106 Red Hat 4.4 2/15/2007 dependency file nfs, kernel post-startup mtime is not changed on a directory when creating entries, and 32bit jiffys wrap-around persistent stale negative dentries are kept for a long time https://bugzilla.redhat.com/show_bug.cgi?id=228801 _________________________________ 107 Red Hat 5.0 6/12/2007 dependency device vfb, xen-vncfb startup? createDevice() is called on the vkbd device in XenD device already connected error https://bugzilla.redhat.com/show_bug.cgi?id=243884 _________________________________ 108 Red Hat 5.4 2/4/2010 dependency signal kwin, X post-startup kwin ignores configure requests when launching a new window wrong size of Motif windows https://bugzilla.redhat.com/show_bug.cgi?id=561844 _________________________________ 109 Red Hat 5.0 7/6/2007 dependency device LVM, xenblk startup? xen block frontend driver is built as a module the module load is only synchronous up to the point where the frontend and the backend become connected rather than when the disk is added the disk is not present until after the scan for physical volumes is complete https://bugzilla.redhat.com/show_bug.cgi?id=247265 _________________________________ 110 Red Hat 2/2/2011 dependency signal php post-startup race condition when handling many concurrent signals memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=674705 _________________________________ 111 Red Hat Linux 7.3 9/27/2001 dependency process licq post-startup /usr/bin/licq has a race condition sometimes the grep command itself will show up in the ps list https://bugzilla.redhat.com/show_bug.cgi?id=54127 _________________________________ 112 Red Hat Linux 7.1 10/4/2001 memory memory electric fence, pthreads post-startup "large multithreaded application that, during shutdown, has many threads exiting and many calls to ""free"" all at once" two threads get deadlocked https://bugzilla.redhat.com/show_bug.cgi?id=54368 _________________________________ 113 Red Hat 5.3 11/5/2009 dependency thread glibc post-startup race condition with setuid() a newly created thread has the old setuid https://bugzilla.redhat.com/show_bug.cgi?id=533213 _________________________________ 114 Red Hat 5.4 12/22/2009 memory memory glibc post-startup an application to hang could occur when the 'dlclose' function was called thread is cancelled https://bugzilla.redhat.com/show_bug.cgi?id=549813 _________________________________ 115 Red Hat 5.3 9/10/2009 ?? glibc When a program creates a thread which calls setuid() and terminates, the other thread trying to wait for it hangs. program hangs https://bugzilla.redhat.com/show_bug.cgi?id=522528 _________________________________ 116 Red Hat 5.3 12/15/2009 memory memory glibc post-startup The _dl_lookup_symbol_x() called from _dl_runtime_resolve updates the l_used member, a bit field in the link_map structure, without getting dl_load_lock causes a race condition between _dl_lookup_symbol_x() and one of other procedures, dlopen, dlclose, etc., during their updates of the bit field members in this structure https://bugzilla.redhat.com/show_bug.cgi?id=547631 _________________________________ 117 Red Hat 5.4 6/22/2009 memory memory kernel post-startup "This earlier race condition occurred if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2)." Corruption on ext3/xfs with O_DIRECT and unaligned user buffers https://bugzilla.redhat.com/show_bug.cgi?id=507297 _________________________________ 118 Red Hat 5.0 4/17/2007 dependency socket vsftpd startup another instance of vsftpd is running which holds the socket If there is another FTP server running when you tried to start vsftpd, the bind will fail, and vsftpd would crash, without any error messages, and the user will have no way to know vsftpd failed. https://bugzilla.redhat.com/show_bug.cgi?id=236707 _________________________________ 119 Red Hat 5.4 12/1/2009 dependency process systemtap shutdown The probe setup could be called during or after the probe shutdown which lead to kernel callbacks remaining registered after modules were unloaded. abnormal shutdowns, triggered at the same time as probe startups, triggered a race condition, and consequent kernel panics, when multiple systemtap commands ran simultaneously https://bugzilla.redhat.com/show_bug.cgi?id=543058 _________________________________ 120 Red Hat 5.4 2/12/2010 dependency process strace post-startup strace attached to a process while said process was executing the execve system call strace stops logging the trace https://bugzilla.redhat.com/show_bug.cgi?id=564364 _________________________________ 121 Red Hat 5.3 2/27/2008 dependency process ksh post-startup ksh is expecting waitpid in jobs.c to wait, as it should. Unfortunately, at this point there are no child procs (determined using 'ps auxf', causing it to set errno to ECHILD ksh goes into an infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=435159 _________________________________ 122 Red Hat / Fedora 6/1/2009 dependency java applet firefox java post-startup Race condition while accessing the private data of a NPObject JS wrapper class object free memory read by an attacker https://bugzilla.redhat.com/show_bug.cgi?id=503579 _________________________________ 123 Fedora 12 11/4/2009 TOCTOU file ncpfs, mount samba-client post-startup? Race condition by mount (ncpmount) / umount (ncpumount) "Local, unprivileged user could use this flaw to conduct symlink attacks" https://bugzilla.redhat.com/show_bug.cgi?id=532940 _________________________________ 124 Red Hat / Fedora 11/3/2010 memory memory openssl post-startup flaw in OpenSSL TLS server extension code parsing buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=649304 _________________________________ 125 Red Hat / Fedora 2/16/2010 TOCTOU file vixie-cron, cronie post-startup vixie-cron and cronie used to set up timestamp (modification time) for crontab file of the individual user by editing the file denial of service attack https://bugzilla.redhat.com/show_bug.cgi?id=565809 _________________________________ 126 Fedora 6/8/2010 TOCTOU file exim post-startup race condition when MBX locking is enabled denial of service attack by changing file permissions https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2024 _________________________________ 127 Fedora 11/30/2009 TOCTOU file automake post-startup race condition in the way Automake used to prepare content of directories hierarchy "local attacker could use this flaw to inject malicious content into the resulting directory and potentially subsequently execute arbitrary code with the privileges of the user issuing the ""./configure"" command" https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029 _________________________________ 128 Red Hat / Fedora 3/31/2008 memory memory kernel post-startup fcntl() can race with close() from another thread, inserting element *after* close() is finished. entry is stuck in the struct file forever even after it has been freed or reused https://bugzilla.redhat.com/show_bug.cgi?id=439754 _________________________________ 129 Red Hat / Fedora 3/26/2010 TOCTOU file samba-client fuse, ncpfs post-startup FUSE filesystem(s) unmount operation is not performed atomically Local, unprivileged user could use this flaw to conduct symlink attacks, leading to disclosure of sensitive information, or, possibly to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0787 _________________________________ 130 Red Hat / Fedora 3/26/2010 TOCTOU file emacs, movemail post-startup "permission to read/write the input and output files is checked using access() before opening them without further checking later in the code" application is open to attacks https://bugzilla.redhat.com/show_bug.cgi?id=578267 _________________________________ 131 Fedora 13 1/26/2010 TOCTOU file samba-client post-startup race condition in the samba-client's mount.cifs utility Local, unprivileged user could use this flaw to conduct symlink attacks, leading to disclosure of sensitive information, or, possibly to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0789 _________________________________ 132 Fedora 11 5/13/2009 dependency process etables, iptables post-startup Concurrent execution of ebtables commands ebtables return value is useless https://bugzilla.redhat.com/show_bug.cgi?id=624427 _________________________________ 133 Fedora 14 11/12/2010 dependency process telinit post-startup "telinit 3" from inside gnome-terminal kills the console after running start machine at runlevel 5 Console becomes unresponsive after appearing to switch to text mode https://bugzilla.redhat.com/show_bug.cgi?id=500750 _________________________________ 134 Fedora 3/27/2009 TOCTOU file init.d startup "XFS script is vulnerable to a race condition when it is started by init, or by a system administrator. Specifically, it insecurely changes the file permissions of a temporary file." An attacker can elevate their priviliges to root https://bugzilla.redhat.com/show_bug.cgi?id=492517 _________________________________ 135 Fedora 14 11/12/2010 dependency device gdm chooser gnome boot only? at boot GDM starts before the keyboard is initialized No login window is displayed https://bugzilla.redhat.com/show_bug.cgi?id=661898 _________________________________ 136 Fedora 11 10/20/2008 dependency network vpn startup pinging the vpn host at short intervals races with the vpn init script vpn does not establish a link unless the script is restarted https://bugzilla.redhat.com/show_bug.cgi?id=467789 _________________________________ 137 Fedora 8/6/2009 dependency device libguestfs swapoff post-startup "swapoff operation doesn't finish before the BLKRRPART ioctl is performed" guestfsd: error: /sbin/blockdev: BLKRRPART: Device or resource busy https://bugzilla.redhat.com/show_bug.cgi?id=516096 _________________________________ 138 Fedora 3/18/2008 dependency file coreutils post-startup mv unlinks the target within the rename() the rename() call is not atomic https://bugzilla.redhat.com/show_bug.cgi?id=438076 _________________________________ 139 Fedora 12 6/9/2009 memory memory coreutils, kernel post-startup kernel wait race stty/termios lockup due to TCSADRAIN https://bugzilla.redhat.com/show_bug.cgi?id=504798 _________________________________ 140 Gentoo 7/17/2007 TOCTOU file xfs post-startup race condition vulnerability in init.d XFS (X Font Server) allows an attacker to elevate their privileges to root http://bugs.gentoo.org/show_bug.cgi?id=185660 _________________________________ 141 Gentoo 8/19/2007 TOCTOU file app-text post-startup race condition on a file created in /tmp allows an attacker to elevate their privileges http://bugs.gentoo.org/show_bug.cgi?id=189440 _________________________________ 142 Gentoo 12/1/2009 TOCTOU file automake post-startup race condition in the way Automake used to prepare content of directories hierarchy (top-level directory and its subdirectories), when the "distdir" based Automake target was used allows an attacker to run malicious code as a more privliged user http://bugs.gentoo.org/295357 _________________________________ 143 Gentoo 3/5/2008 TOCTOU file app-text post-startup race condition on a file created in /tmp allows an attacker to elevate their privileges http://bugs.gentoo.org/show_bug.cgi?id=212367 _________________________________ 144 Gentoo 11/7/2007 memory memory nss_ldap post-startup if an application is linked against pthread and uses a nss_ldap call and then forks, both processes share the ldap connection, having no locking mechanism "bad things happen" http://bugs.gentoo.org/show_bug.cgi?id=198390 _________________________________ 145 Gentoo 11/17/2004 TOCTOU file cscope post-startup Race condition with cscope temporary file system is vulnerable to a symlink attack http://bugs.gentoo.org/show_bug.cgi?id=71595 _________________________________ 146 Gentoo 1/19/2011 TOCTOU device fuse post-startup fusermount tool was vulnerable to a race condition between mounting a user filesystem and updating mtab using the standard mount command. user can unmount priviliged file systems http://bugs.gentoo.org/352150 _________________________________ 147 Gentoo 11/17/2009 memory memory glibc post-startup bug when 'MALLOC_CHECK_' feature was enabled causing a race condition in the 'free' function internal heap corruption in a multi-threaded application. http://bugs.gentoo.org/show_bug.cgi?id=293527 _________________________________ 148 Gentoo 7/7/2005 dependency file cronbase post-startup race condition between the default crontab and /usr/sbin/run-crons, file gets rm'ed by one of the other entries in /etc/crontab between it being found and -exec creates false warnings http://bugs.gentoo.org/98189 _________________________________ 149 Gentoo 2/23/2010 dependency device udev, lvm post-startup race condition w/ udev and lvm device removal snapshot can fail to be removed http://bugs.gentoo.org/306491 _________________________________ 150 Gentoo 6/30/2003 TOCTOU process kernel post-startup The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file arbitrary code could be executed under different user priviliges http://bugs.gentoo.org/show_bug.cgi?id=23788 _________________________________ 151 Gentoo 6/2/2009 dependency file icu makefile post-startup concurrent build problems if make is run with multiple cores emake install fails http://bugs.gentoo.org/272328 _________________________________ 152 Gentoo 11/16/2009 dependency setting OpenOffice, libXft gnome post-startup The `xsettings` plugin of gnome-settings-daemon exports font settings to libXft applications by calling `xrdb -merge`. The `font` plugin of gnome-settings-daemon also calls `xrdb-merge` to export X cursor settings. They both do this at initialization racing on multi cores. fonts aren't rendered consistantly in openoffice http://bugs.gentoo.org/show_bug.cgi?id=293426 _________________________________ 153 Gentoo 5/20/2005 dependency process glibc post-startup B wakes A and then perform the futex system call. If A gets a chance to run before the syscall is performed (very small chance since probably the waking up and the futex call are close), it can free the semaphore (and the glibc internal futex that goes with it), and then when B runs again and perform the syscall, it fails because the semaphore he's doing the futex for has been free()d Syscall param futex(futex) points to unaddressable byte(s) http://bugs.gentoo.org/93366 _________________________________ 154 Gentoo 3/26/2010 dependency file python makefile post-startup race with multicore building python emake altinstall failed http://bugs.gentoo.org/311437 _________________________________ 155 Gentoo 5/18/2004 TOCTOU file wget post-startup wget checks a files permissions, then without holding a lock writes to it file is open to a symlink attack http://bugs.gentoo.org/51365 _________________________________ 156 Gentoo 1/27/2005 TOCTOU file rmtree post-startup race conditions internal to the implementation of making it unsafe to use on directory trees subdirectories of a tree vulnerable to unprivilged user attack http://bugs.gentoo.org/show_bug.cgi?id=79685 _________________________________ 157 Gentoo 11/4/2009 memory memory pipe post-startup multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service denial of service attacks orprivilige gains http://bugs.gentoo.org/show_bug.cgi?id=291904 _________________________________ 158 Gentoo 6/20/2005 TOCTOU file sudo post-startup race condition in Sudo's pathname validation race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands http://bugs.gentoo.org/show_bug.cgi?id=96618 _________________________________ 159 Gentoo 1/28/2004 dependency process apache2 init.d post-startup init.d sends the command for apache to start up again before apache finishes shutting down apache exits but never restarts http://bugs.gentoo.org/show_bug.cgi?id=39730 _________________________________ 160 Gentoo 5/31/2010 memory memory sys-block post-startup A race condition can occur under corner case conditions because of the interaction between the buffer high watermark management code and threads that handle the input and output from the managed ring buffer If the input data is extremely short, the input thread can signal "buffer filled to the high watermark" before the output thread is fully initialized and waiting on that semaphore http://bugs.gentoo.org/show_bug.cgi?id=322265 _________________________________ 161 Gentoo 11/11/2008 dependency file judy makefile post-startup some phases create rules for other phases of the "doc" dirs processing, and results in a build failure building with a -j option >1 causes the build to fail http://bugs.gentoo.org/246373 _________________________________ 162 Gentoo 7/14/2008 dependency thread stty bash post-startup parent steals child session leader status stty process hangs http://bugs.gentoo.org/231775 _________________________________ 163 Gentoo 12/31/2009 dependency file sys-apps kernel post-startup "init script in preload invokes start-stop-daemon to start the preload daemon, with the option to create a pid file, then attempts to ionice the pid in the pid file. This is wrong, as the pid file may not be available after start-stop-daemon returns" "the pid file does not exist when ionice is called; the daemon is however started and the pid file eventually created" http://bugs.gentoo.org/299140 _________________________________ 164 Gentoo 2/8/2005 dependency file contab rm post-startup race between rm in find command in run-crons and the rm commands in /etc/crontab /var/spool/cron/lastrun/cron.hourly: No such file or directory http://bugs.gentoo.org/show_bug.cgi?id=81222 _________________________________ 165 Gentoo 3/14/2009 memory memory nvidia driver, compmiz post-startup there is a race condition in the XDamage extension video driver crashes and locks up http://bugs.gentoo.org/262444 _________________________________ 166 Gentoo 10/19/2008 dependency device cryptsetup udev post-startup cryptsetup calls udevadm settle cryptsetup does udev specific calls http://bugs.gentoo.org/242778 _________________________________ 167 Gentoo 5/16/2006 memory memory kernel post-startup In case the integer overflow and/or the race condition are triggered, paddc->num_counters might not match the allocation size race condition in do_add_counters() http://bugs.gentoo.org/show_bug.cgi?id=133465 _________________________________ 168 Gentoo 4/13/2007 dependency device mount post-startup "race in determining the mount point for the partition that has become available" if an external usb hard disk with multiple partitions is plugged in, both partitions often get mounted on /media/disk http://bugs.gentoo.org/174370 _________________________________ 169 Gentoo 2/6/2006 dependency file insvn post-startup locking and unlocking a file is not implemented correctly allowing races a bogus cache entry is generated http://bugs.gentoo.org/show_bug.cgi?id=121819 _________________________________ 170 Gentoo 2/17/2009 memory memory crypto kernel post-startup larval was not marked as dead before dropping the mutex, and also dead or dying algorithms on the registration path were not ignored crypto API breaks cryptsetup http://bugs.gentoo.org/show_bug.cgi?id=259332 _________________________________ 171 Gentoo 10/6/2006 TOCTOU file php post-startup there is a timing window where files can be unlinked after open_basedir is called it is possible to point a symlink to any file by the use of mkdir(), unlink() and at least two symlinks. http://bugs.gentoo.org/show_bug.cgi?id=150260 _________________________________ 172 Gentoo 11/5/2008 TOCTOU file gccxml post-startup time of check, time of use vulnerability find_flags in gccxml local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file http://bugs.gentoo.org/show_bug.cgi?id=245765 _________________________________ 173 Gentoo 11/25/2008 TOCTOU file kernel post-startup inode->inotify_mutex and ih->mutex need to be held and if we don't hold the inode we need to make sure there is no race with umount. inotify functionality in Linux kernel might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. http://bugs.gentoo.org/248754 _________________________________ 174 Gentoo 8/3/2005 dependency file insvn post-startup two concurrent emerges are run file is not found in the directory http://bugs.gentoo.org/show_bug.cgi?id=101240 _________________________________ 175 Gentoo 8/14/2007 memory memory gnome post-startup A race when creating a mutex in giop_timeout_add() observed results of these two bugs was "Illegal reads" and trying to write to NULL. http://bugs.gentoo.org/show_bug.cgi?id=188825 _________________________________ 176 Gentoo 11/10/2004 TOCTOU file glukalka post-startup closing and then reopening the same filename without checking it exists file can be opened without a check to see if it is correct http://bugs.gentoo.org/show_bug.cgi?id=70666 _________________________________ 177 Gentoo 12/31/2006 TOCTOU file lsat post-startup lsat insecurely writes to files in /tmp, without first checking to see if those files could be symlinks arbitrary files could be overwritten upon installing lsat http://bugs.gentoo.org/show_bug.cgi?id=159542 _________________________________ 178 Gentoo 4/12/2005 TOCTOU file pine post-startup vulnerability is caused due to a race condition in the rpdump utility when creating files. The problem is that there is a larger gap between the time that a check is made to determine whether a local file exists and the time that the file is created local users can perform certain actions on a vulnerable system with escalated privileges http://bugs.gentoo.org/88836 _________________________________ 179 Gentoo 4/25/2004 dependency resource bacula post-startup major race condition in the job scheduler when multiple simultaneous jobs is enabled. This occurred only when on job had blocked another because of resource usage deadlock and cpu spins http://bugs.gentoo.org/48969 _________________________________ 180 CentOS 12/1/2008 memory memory fork post-startup deadlocks occur if system functions are called between fork and exec application hangs http://bugs.centos.org/view.php?id=3280 _________________________________ 181 CentOS 6/9/2010 memory memory glibc, kernel post-startup bug when 'MALLOC_CHECK_' feature was enabled causing a race condition in the 'free' function internal heap corruption in a multi-threaded application. http://bugs.centos.org/view.php?id=4370 _________________________________ 182 CentOS 10/9/2009 dependency device nfs startup race condition in NFS root client running CentOS-5 i386 failed to stat ./dev/ram1: Value too large for defined data type http://bugs.centos.org/print_bug_page.php?bug_id=3900 _________________________________ 183 CentOS 11/17/2007 dependency file autofs post-startup race between mount and expire when using yum pointing to a nfs central server holding the updates repository automounted through nfs, yum fails http://bugs.centos.org/bug_view_page.php?bug_id=2448 _________________________________ 184 CentOS 7/17/2008 memory memory lustre post-startup race condition with a lock around d_lookup server suddenly timed out on ssh, http etc http://bugs.centos.org/view.php?id=2992 _________________________________ 185 CentOS 2/18/2005 ? init boot init will intermittently hang as its the init version or shortly after running rc.sysinit http://bugs.centos.org/view.php?id=808 _________________________________ 186 CentOS 3/27/2006 dependency network interface tg3 driver post-startup race condition when creating two interfaces untagged interface (eth1) is created correctly and the tagged interface (eth1.200) will be created but nonfunctional http://bugs.centos.org/bug_view_page.php?bug_id=1276 _________________________________ 187 Debian 4/10/2008 TOCTOU file suPHP post-startup vulnerability to symlink attack allows local users to gain privileges http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475431 _________________________________ 188 Debian 11/23/2006 dependency file exim post-startup race condition in logrotate between logrotates create option fulfilling its duties and exim trying to deliver/accept an email exim dies from an error http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399930 _________________________________ 189 Debian 8/17/2008 dependency signal xterm post-startup the program gets SIGWINCH and queries the new window size it still gets the old size from xterm window is not resized correctly http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495435 _________________________________ 190 Debian 1/30/2010 TOCTOU file samba-client fuse, ncpfs post-startup FUSE filesystem(s) unmount operation is not performed atomically Local, unprivileged user could use this flaw to conduct symlink attacks, leading to disclosure of sensitive information, or, possibly to privilege escalation http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633 _________________________________ 191 Debian 12/1/2007 memory memory nss_ldap post-startup if an application is linked against pthread and uses a nss_ldap call and then forks, both processes share the ldap connection, having no locking mechanism "bad things happen" http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868 _________________________________ 192 Debian 3/27/2002 memory memory libstdc post-startup "function basic_string::_M_leak_hard() in basic_string.tcc is not thread-safe" reference count is read with _M_is_shared() and then written with _M_set_leaked(), non-atomically http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=140201 _________________________________ 193 Debian 4/5/2005 TOCTOU file bzip2 post-startup a malicious local user has write access to a directory in which a target user is using bzip2 to extract or compress a file a TOCTOU bug can be exploited to change the permission of any file belonging to that user http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303300 _________________________________ 194 Debian 5/26/2010 dependency process kdm init.d startup init.d does not have enough dependency information so it starts processes out of order kdm "fails" to load at boot time http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583312 _________________________________ 195 Debian 7/17/2009 TOCTOU file pulseaudio startup pulseaudio restarts after detecting an environmental variable change executable can be replaced via symbolic link http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537351 _________________________________ 196 Debian 2/28/2009 dependency socket squid3 web server post-startup After a webserver responds to an HTTP request, it will keep the connection open, usually (in the case of Apache at least) until some timeout is reached. If Squid uses this open connection to make a further HTTP request just as the webserver reaches this timeout, the connection could be closed by by remote end before the new request was received. When Squid sees the connection close, it produces the 'Zero Sized Reply' error http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517534 _________________________________ 197 Debian 7/23/2005 memory memory kernel post-startup concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow denial of service (kernel panic) and possibly execute arbitrary http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319629 _________________________________ 198 Debian 8/10/2005 kernel post-startup race between sysfs_read_file() and sysfs_write_file() denial of service http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322339 _________________________________ 199 Debian 12/16/2007 dependency python-notify post-startup notification icon pops up incorrectly or not at all http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456610 _________________________________ 200 Debian 10/5/2009 TOCTOU device devfs, vfs boot only? a race condition exists where the kernel might dereference a NULL pointer "successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash" http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549871 _________________________________ 201 Debian 11/24/2006 TOCTOU file logrotate startup "when a new log file is created, it is first created, and then chowned and chmodded to the desired values" There is a small time window where the file exists, but does not have the correct owner/mode http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400198 _________________________________ 202 Debian 5/26/2008 memory memory nant post-startup string parsing error causes memory race on output writer nant fails to build http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483073 _________________________________ 203 Debian 9/13/2007 dependency file apt post-startup race condition that causes .decomp files to disappear before apt-get is quite finished with them apt-get cannot find a .decomp file it is looking for so it goes into an infinite loop http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442189 _________________________________ 204 Debian 10/7/2007 dependency cyrus-imapd-2.2 exim post-startup A message was being delivered while the server was shutting down Message was never delivered http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445680 _________________________________ 205 Debian 12/18/2009 dependency device ntp, network manager boot only? When ntpq -p reports "No association ID's..." it is because NetworkManager has not yet brought up the network interface (eth0 for me) when ntpd is trying to resolve server IP addresses. If ntpd gives up on resolving addresses at this point it will never try again later. On some startups ntpq -p reports "No association ID's..." http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561622 _________________________________ 206 Debian 3/5/2002 dependency signal glibc post-startup The race condition is in linuxthreads/signals.c. The sigaction function registers the signal handler with the kernel *BEFORE* setting the user callback function pointer. race condition in glibc/linuxthreads/signal.c in sigaction handler http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=136990 _________________________________ 207 Debian 9/11/2005 dependency process sysvinit post-startup must set the childhandler as default before forking off the child or the chld_handler could run before the waitpid loop has a chance to find its zombie-child deadlock init in a waitpid() loop http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327612 _________________________________ 208 Debian 10/19/2004 dependency process initscripts startup sleep for 1 second may not be long enough for a daemon to restart daemon will not start up http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=277204 _________________________________ 209 Debian 3/4/2010 memory memory php-apc process shutdown when TTLs are enabled, the memory fragmentation causes allocate and deallocate calls to become more and more costly, and you end up in a downward spiral until the system becomes unusable system memory fills up http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572529 _________________________________ 210 Debian 6/30/2010 dependency socket wpasupplicant dhclient startup "wpa_cli gets to run before wpasupplicant has managed to bind its unix socket" wlan interface does not get an IP http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587634 _________________________________ 211 Debian 4/9/2005 TOCTOU file gzip post-startup a malicious local user has write access to a directory in which a target user is using bzip2 to extract or compress a file a TOCTOU bug can be exploited to change the permission of any file belonging to that user http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303927 _________________________________