CVE-2002-0839 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2002-0839
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2002-0839

Description: The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

CVE Status: Candidate

References: XF http://www.iss.net/security_center/static/10280.php VULNWATCH http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html SGI MANDRAKE http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php HP http://online.securityfocus.com/advisories/4617 ENGARDE http://www.linuxsecurity.com/advisories/other_advisory-2414.html DEBIAN http://www.debian.org/security/2002/dsa-195 http://www.debian.org/security/2002/dsa-188 http://www.debian.org/security/2002/dsa-187 CONFIRM http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2 http://www.apacheweek.com/issues/02-10-04 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2 BID 5884

Return to the previous page.