Linux Advisories Issued for Apache, Tomcat

A Gentoo Linux security announcement issued earlier this month reveals a flaw in Gentoo Linux that exposes Apache 1.3.26-r4 users to a vulnerability in its shared memory scoreboard. Attackers who can execute commands under the Apache UID can send a (SIGUSR1) signal to any process as root, in most cases killing the process, or can launch a local denial of service attack. Gentoo Linux has issued an advisory that Apache HTTP Server contains a vulnerability in its shared memory scoreboard. Attackers who can execute commands under the Apache UID can either send a (SIGUSR1) signal to any process as root, which in most cases will kill the process, or launch a local denial of service attack.

Complete Story