CVE - CVE-2002-0839

CVE-ID
CVE-2002-0839	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:5884 URL:http://www.securityfocus.com/bid/5884 BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) URL:http://marc.info/?l=bugtraq&m=103376585508776&w=2 BUGTRAQ:20021015 GLSA: apache URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html BUGTRAQ:20021017 TSLSA-2002-0069-apache URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html CONECTIVA:CLA-2002:530 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530~~ (Obsolete source - check if archived by the Wayback Machine) CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 CONFIRM:http://www.apacheweek.com/issues/02-10-04 DEBIAN:DSA-187 URL:http://www.debian.org/security/2002/dsa-187 DEBIAN:DSA-188 URL:http://www.debian.org/security/2002/dsa-188 DEBIAN:DSA-195 URL:http://www.debian.org/security/2002/dsa-195 ENGARDE:ESA-20021007-024 URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html HP:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 HP:HPSBUX0210-224 URL:http://online.securityfocus.com/advisories/4617 HP:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MANDRAKE:MDKSA-2002:068 URL:~~http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php~~ (Obsolete source) MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/ URL:https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E SGI:20021105-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I VULNWATCH:20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html XF:apache-scorecard-memory-overwrite(10280) URL:~~http://www.iss.net/security_center/static/10280.php~~ (Obsolete source - check if archived by the Wayback Machine)
Assigning CNA
MITRE Corporation
Date Record Created
20020808	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20110830)
Votes (Legacy)
ACCEPT(3) Armstrong, Cole, Green MODIFY(1) Cox NOOP(1) Christey
Comments (Legacy)
Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Cox> Addref: RHSA-2002:251 Addref: RHSA-2002:248 Addref: RHSA-2002:244 Addref: RHSA-2002:243 Addref: RHSA-2002:222 Change Apache Week ref to: http://www.apacheweek.com/issues/02-10-04#security Christey> SGI:20021105-02-I URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Proposed (Legacy)
20030317
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)