SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Web Server/CGI)  >   Apache Vendors:   Apache Software Foundation
Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
SecurityTracker Alert ID:  1009495
SecurityTracker URL:  http://securitytracker.com/id/1009495
CVE Reference:   CAN-2004-0174   (Links to External Site)
Updated:  Apr 13 2004
Original Entry Date:  Mar 19 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.48 and prior versions; 1.3.29 and prior versions
Description:   A vulnerability was reported in the Apache web server. A remote user may be able to cause denial of service conditions.

It is reported that a remote user can establish a short-lived connection to a rarely-accessed listening socket on the target server. This may cause the Apache child process to block new connections until another connection arrives on the rarely-accessed listening socket.

The report indicates that some versions of AIX, Solaris, and Tru64 UNIX are affected, but that FreeBSD and Linux systems are not affected.
Impact:   A remote user may be able to cause the target server to deny connection requests.
Solution:   The vendor has developed a fixed version (2.0.49), available at:

http://httpd.apache.org/download.cgi

The vendor has also released a fixed development version (1.3.31-dev) for the Apache 1.3 release series.
Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:   Resource error
Underlying OS:   UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 1 2004 (Trustix Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Apr 14 2004 (Conectiva Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Apr 26 2004 (HP Issues Fix for HP-UX) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
HP has issued a fix for HP-UX.
May 4 2004 (Apple Issues Fix for OS X) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Mac OS X.
May 13 2004 (Slackware Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
May 18 2004 (Mandrake Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
May 20 2004 (Mandrake Issues Fix for mod_perl) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix for mod_perl.
May 26 2004 (Gentoo Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service   (Kurt Lieber <klieber@gentoo.org>)
Gentoo has released a fix.
Jun 11 2004 (HP Issues Fix for Tru64) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
HP has issued patches.
Sep 10 2004 (Sun Issues Fix) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
Sun has issued a fix for Solaris 9.
Dec 2 2004 (Apple Issues Fix for OS X) Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
Apple has issued a fix for Apache on Mac OS X.


 Source Message Contents
Date:  Fri, 19 Mar 2004 07:45:18 -0500
Subject:  CAN-2004-0174


 > Fixed in Apache httpd 2.0.49

 > listening socket starvation CAN-2004-0174
 > A starvation issue on listening sockets occurs when a short-lived connection on a
 > rarely-accessed listening socket will cause a child to hold the accept mutex and block
 > out new connections until another connection arrives on that rarely-accessed listening
 > socket.

 > Affects: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
 > 2.0.37, 2.0.36, 2.0.35


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC