CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: Martynas Venckus <martynas_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Thu, 9 Aug 2007 04:44:55 -0600 (MDT)
CVSROOT: /cvs
Module name: src
Changes by: martynas_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2007/08/09 04:44:55
Modified files:
usr.sbin/httpd/src/main: http_main.c
Log message:
fix CVE-2007-3304
The Apache HTTP server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to
run scripts on the HTTP server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service.
ok miod@ (who also noticed to protect reclaim_child_processes); henning@;
djm@
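
The check the log message describes, as an added C example that is not the code from this commit or from Apache: the parent keeps a private table of the pids it forked and refuses to signal any pid read from the shared scoreboard that is not in that table. The function names and the table size are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>   /* fork(), getpid() in the caller */

#define MAX_CHILDREN 256   /* hypothetical limit for this example */

/* Parent-private record of forked pids; children cannot write to it,
 * unlike the shared scoreboard. */
static pid_t known_children[MAX_CHILDREN];
static size_t n_known;

/* Call in the parent right after a successful fork(). */
int remember_child(pid_t pid)
{
    if (pid <= 0 || n_known == MAX_CHILDREN)
        return -1;   /* 0 and negative pids address process groups in kill() */
    known_children[n_known++] = pid;
    return 0;
}

/* Call when waitpid() reaps the child, so a recycled pid is not trusted. */
void forget_child(pid_t pid)
{
    for (size_t i = 0; i < n_known; i++)
        if (known_children[i] == pid) {
            known_children[i] = known_children[--n_known];
            return;
        }
}

int is_known_child(pid_t pid)
{
    for (size_t i = 0; i < n_known; i++)
        if (known_children[i] == pid)
            return 1;
    return 0;
}

/* Signal a scoreboard pid only if the parent forked it.
 * Returns kill()'s result, or -1 with errno = EPERM when refused. */
int signal_child(pid_t scoreboard_pid, int sig)
{
    if (!is_known_child(scoreboard_pid)) {
        errno = EPERM;
        return -1;
    }
    return kill(scoreboard_pid, sig);
}
```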