OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Daniel Ahlberg (aliz_at_gentoo.org)
Date: Tue Oct 15 2002 - 03:26:10 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200210-002
    - - --------------------------------------------------------------------

    PACKAGE : apache
    SUMMARY : shared memory scoreboard vulnerabilities
    EXPLOIT : local
    DATE    : 2002-10-15 08:25 UTC

    - - --------------------------------------------------------------------

    Apache HTTP Server contains a vulnerability in its shared memory
    scoreboard. Attackers who can execute commands under the Apache
    UID can either send a (SIGUSR1) signal to any process as root, in
    most cases killing the process, or launch a local denial of service (DoS)
    attack.

    Read the full advisory at
    http://www.idefense.com/advisory/10.03.02.txt

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-www/apache-1.3.26-r4 and earlier update their systems
    as follows:

    emerge rsync
    emerge apache
    emerge clean

    - - --------------------------------------------------------------------
    alizgentoo.org - GnuPG key is available at www.gentoo.org/~aliz
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9q9EifT7nyhUpoZMRAvMAAKC5uldCFmTfBWUELQUjdPUB63IX4ACeOIZi
    kXGG6Si1xe2JA+hdpT/TRSo=
    =Hawy
    -----END PGP SIGNATURE-----