CVE-2002-0839

NameCVE-2002-0839
DescriptionThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-187, DSA-188, DSA-195
NVD severityhigh (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)1.3.27-0.1high
apachesourcewoody1.3.26-0woodyhighDSA-187
apache-perlsource(unstable)1.3.26-1.1-1.27-3-1high
apache-perlsourcewoody1.3.26-1-1.26-0woody2highDSA-195
apache-sslsourcewoody1.3.26.1+1.48-0woody3highDSA-188

Search for package or bug name: Reporting problems