FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3304

This CVE name corresponds to:

Entered Topic
2007-09-11 apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3304
Phase Assigned (20070620)

Description

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

References

Source Reference
BUGTRAQ 20070529 Apache httpd vulenrabilities
BUGTRAQ 20070619 Apache Prefork MPM vulnerabilities - Report
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MLIST [apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)
MLIST [apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MISC http://security.psnc.pl/files/apache_report.pdf
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111
CONFIRM http://svn.apache.org/viewvc?view=rev&revision=547987
CONFIRM http://httpd.apache.org/security/vulnerabilities_13.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_20.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm
CONFIRM https://issues.rpath.com/browse/RPL-1710
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219
CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
AIXAPAR PK50467
AIXAPAR PK52702
AIXAPAR PK53984
FEDORA FEDORA-2007-2214
GENTOO GLSA-200711-06
HP HPSBUX02273
HP SSRT071476
MANDRIVA MDKSA-2007:140
MANDRIVA MDKSA-2007:142
REDHAT RHSA-2007:0532
REDHAT RHSA-2007:0556
REDHAT RHSA-2007:0557
REDHAT RHSA-2007:0662
REDHAT RHSA-2008:0261
SGI 20070701-01-P
SUNALERT 103179
SUNALERT 200032
SUSE SUSE-SA:2007:061
TRUSTIX 2007-0026
UBUNTU USN-499-1
BID 24215
OSVDB 38939
OVAL oval:org.mitre.oval:def:11589
SECUNIA 28606
VUPEN ADV-2007-2727
VUPEN ADV-2007-3100
VUPEN ADV-2007-3283
VUPEN ADV-2007-3420
VUPEN ADV-2007-3494
VUPEN ADV-2007-4305
SECTRACK 1018304
SECUNIA 25827
SECUNIA 25830
SECUNIA 25920
SECUNIA 26211
SECUNIA 26273
SECUNIA 26443
SECUNIA 26508
SECUNIA 26611
SECUNIA 26759
SECUNIA 26790
SECUNIA 26822
SECUNIA 26842
SECUNIA 26993
SECUNIA 27121
SECUNIA 27209
SECUNIA 27563
SECUNIA 27732
SECUNIA 28212
SECUNIA 28224
SREASON 2814
VUPEN ADV-2008-0233
XF apache-child-process-dos(35095)