Apache Fixes Flaw in Web Server
Vulnerability lets local users terminate processes or launch denial-of-service attacks against the server.A new vulnerability in the Apache Web server gives local users the ability to terminate processes or launch denial-of-service attacks against the server. The Apache Software Foundation has released an updated version of the affected server. The new release, 1.3.27, fixes the problem. The vulnerability is in the shared memory scoreboard, which is stored in a shared memory segment owned by the Apache server. Any user who can obtain execution permissions under the Apache UID can send signals to any process as root, and in most cases, terminate the process, according to a bulletin published Thursday by iDefense Inc., a Chantilly, Va., security company.
Also, an attacker with the proper permissions could cause a denial-of-service condition on the Apache server.