A new vulnerability in the Apache Web server gives local users the ability to terminate processes or launch denial-of-service attacks against the server.
The Apache Software Foundation has released an updated version of the affected server. The new release, 1.3.27, fixes the problem.
The vulnerability is in the shared memory scoreboard, which is stored in a shared memory segment owned by the Apache server. Any user who can obtain execution permissions under the Apache UID can send signals to any process as root, and in most cases, terminate the process, according to a bulletin published Thursday by iDefense Inc., a Chantilly, Va., security company.
Also, an attacker with the proper permissions could cause a denial-of-service condition on the Apache server.
IDefense said that is has been able to terminate arbitrary processes with this exploit, including some that terminated other users sessions.
The Apache 1.3.27 release also includes a fix for a cross-site scripting vulnerability present in the default error page for Apache 1.3x up to 1.3.26. When UseCanonicalName is off and support for wildcard DNS is present, the flaw allows remote attackers to execute script as other web page visitors via the Host: header.
The flaw also affects Apache 2.0 before 2.0.43.
The new versions of the Apache server are available at the Apache Web site.
- Bugbear Virus Still Running Wild
- More Security Coverage