PT-2002-1855 · Apache · Apache Http Server

Published: 2002-10-03 · Updated: 2022-09-23 · CVE-2002-0839

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x through 1.3.26
Description: The shared memory scoreboard in the HTTP daemon allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. This can result in a denial of service (process kill) or possibly other behaviors that would not normally be allowed. An attacker who can execute code under the Apache UID can exploit this to send a signal to any process as root or to cause a local denial of service.
Recommendations: For Apache versions 1.3.x through 1.3.26, update to version 1.3.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the shared memory scoreboard to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2002-0839
DSA-187
DSA-188
DSA-195

Affected Products

Apache Http Server