OSVDB ID: 4552

Title: Apache HTTP Server Shared Memory Scoreboard DoS

Info

Disclosure
Oct 03, 2002

Discovery
Aug 27, 2002

Dates

Exploit
Oct 03, 2002

Solution
Unknown

Description

 Apache HTTP server contains a flaw that may allow a local denial of service. The issue is triggered when a local user with privileges as the Apache UID sends a SIGUSR1 signal to any process as root, resulting in loss of availability of the system.

Classification

 Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public

Solution

 Upgrade to Apache version 1.3.27 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The Apache Software Foundation

Apache

 1.3.26
1.3.24
1.3.22
1.3.20
1.3.19
1.3.17
1.3.14
1.3.12
1.3.11
1.3.9
1.3.6
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0

Oracle Corporation

Oracle9i Application Server

 1.0.2.x
9.0.2.x

Database Server

 8.1.7.x
9.0.1.x
9.2.x

References

Credit
  • zen-parse -


Direct URL: http://osvdb.org/4552