漏洞信息详情
Apache Web Server 安全漏洞
- CNNVD编号:CNNVD-200210-255
- 危害等级: 高危
- CVE编号: CVE-2002-0839
- 漏洞类型: 其他
- 发布时间: 2002-10-11
- 威胁类型: 本地
- 更新时间: 2021-06-07
- 厂 商: apache
- 漏洞来源: zen-parse※ zen-par...
漏洞简介
Apache Web Server是一款非常流行的开放源码、功能强大的Web服务器程序,由Apache Software Foundation开发和维护。它可以运行在多种操作系统平台下,例如Unix/Linux/BSD系统以及Windows系统。Apache在处理共享内存Scoreboard存在漏洞,本地攻击者可能利用该漏洞以Apache UID的权限执行任意命令,并且可以以root的权限给任意进程发送SIGUSR1信号,杀死进程,产生拒绝服务。利用Scoreboard覆盖parent[].pid和parent[].last_rtime的共享内存段,可以以管理员权限给任意进程发送信号。
漏洞公告
厂商补丁:
Apache Group
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Apache Software Foundation Upgrade apache_1.3.27.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.27.tar.gz" target="_blank">
http://www.apache.org/dist/httpd/apache_1.3.27.tar.gz
OpenPKG Upgrade apache-1.3.22-1.0.5.src.rpm
ftp://ftp.openpkg.org/release/1.0/UPD/apache-1.3.22-1.0.5.src.rpm
OpenPKG Upgrade apache-1.3.26-1.1.1.src.rpm
ftp://ftp.openpkg.org/release/1.1/UPD/apache-1.3.26-1.1.1.src.rpm
Oracle
------
Oracle已经为此发布了一个安全公告(OracleSA#45):
OracleSA#45:Security Release of Apache 1.3.27
链接:
http://otn.oracle.com/deploy/security/pdf/2002alert45rev1.pdf" target="_blank">
http://otn.oracle.com/deploy/security/pdf/2002alert45rev1.pdf
Oracle声称将在2002-10-08提供受影响软件的补丁。
参考网址
来源:httpd.apache.org%3E
链接:httpd.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.
来源:ENGARDE
链接:http://www.linuxsecurity.com/advisories/other_advisory-2414.HTML
来源:MANDRAKE
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.
来源:HP
链接:http://online.securityfocus.com/advisories/4617
来源:VULNWATCH
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.HTML
来源:BID
链接:https://www.securityfocus.com/bid/5884
来源:BUGTRAQ
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.
来源:DEBIAN
链接:https://www.debian.org/security/2002/dsa-188
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=103376585508776&w=2
来源:DEBIAN
链接:https://www.debian.org/security/2002/dsa-187
来源:CONECTIVA
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
来源:HP
链接:http://marc.info/?l=bugtraq&m=130497311408250&w=2
来源:httpd-announce&m=103367938230488&w=2
链接:httpd-announce&m=103367938230488&w=2
来源:CONFIRM
链接:http://marc.info/?l=apache-
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.
来源:CONFIRM
链接:http://www.apacheweek.com/issues/02-10-04
来源:DEBIAN
链接:https://www.debian.org/security/2002/dsa-195
来源:BUGTRAQ
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.HTML
来源:XF
链接:http://www.iss.net/security_center/static/10280.php
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.
受影响实体
- Apache Http_server:1.3.22
- Apache Http_server:1.3.24
- Apache Http_server:1.3.25
- Apache Http_server:1.3.26
- Apache Http_server:1.3.19
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论