CVE-2002-0839

NameCVE-2002-0839
DescriptionThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-187, DSA-188, DSA-195

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesourcewoody1.3.26-0woodyDSA-187
apachesource(unstable)1.3.27-0.1
apache-perlsourcewoody1.3.26-1-1.26-0woody2DSA-195
apache-perlsource(unstable)1.3.26-1.1-1.27-3-1
apache-sslsourcewoody1.3.26.1+1.48-0woody3DSA-188

Search for package or bug name: Reporting problems