The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 1.3.0 (including) | 1.3.27 (excluding) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Linux 6.2 | RedHat | * | |
| Red Hat Linux 7.0 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Red Hat Stronghold 3 | RedHat | * | |
| Red Hat Stronghold 4 | RedHat | * | |
| Stronghold 4 for Red Hat Enterprise Linux | RedHat | * | |
| Apache | Ubuntu | dapper | * |
| Apache | Ubuntu | edgy | * |
| Apache | Ubuntu | feisty | * |