CVE-2007-3304 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3304
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3304

Description: Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35095 UBUNTU http://www.ubuntu.com/usn/usn-499-1 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_61_apache2.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 ST 1018304 SREASON http://securityreason.com/securityalert/2814 SGI SAID Secunia Advisory: SA28224 Secunia Advisory: SA28212 Secunia Advisory: SA27732 Secunia Advisory: SA27209 Secunia Advisory: SA27563 Secunia Advisory: SA26842 Secunia Advisory: SA26993 Secunia Advisory: SA27121 Secunia Advisory: SA26822 Secunia Advisory: SA28606 Secunia Advisory: SA25827 Secunia Advisory: SA25830 Secunia Advisory: SA25920 Secunia Advisory: SA26211 Secunia Advisory: SA26273 Secunia Advisory: SA26443 Secunia Advisory: SA26508 Secunia Advisory: SA26611 Secunia Advisory: SA26759 Secunia Advisory: SA26790 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0662.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.redhat.com/support/errata/RHSA-2007-0557.html http://rhn.redhat.com/errata/RHSA-2007-0556.html http://www.redhat.com/errata/RHSA-2007-0532.html MLIST http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2 http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 http://security.psnc.pl/files/apache_report.pdf MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 GENTOO http://security.gentoo.org/glsa/glsa-200711-06.xml FEDORA http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm http://svn.apache.org/viewvc?view=rev&revision=547987 http://httpd.apache.org/security/vulnerabilities_13.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/471832/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/469899/100/0/threaded BID 24215 AIXAPAR http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984 http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702

Return to the previous page.