Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2002-0839
Last Modified 06 Sep 2011 09:12:24
Published 11 Oct 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0839

Summary

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Vulnerable Systems

Application

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26


References

VULNWATCH - 20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities

BID - 5884

ENGARDE - ESA-20021007-024

MANDRAKE - MDKSA-2002:068

XF - apache-scorecard-memory-overwrite(10280)

DEBIAN - DSA-195

DEBIAN - DSA-188

DEBIAN - DSA-187

CONFIRM - http://www.apacheweek.com/issues/02-10-04

HP - HPSBUX0210-224

HP - SSRT090208

HP - HPSBOV02683

BUGTRAQ - 20021017 TSLSA-2002-0069-apache

BUGTRAQ - 20021015 GLSA: apache

SGI - 20021105-01-I

BUGTRAQ - 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)

CONFIRM - http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2

CONECTIVA - CLA-2002:530


Last Updated: 27 May 2016 10:37:06