Bug 773744 (CVE-2012-0031)

Summary: CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jkaluza, jorton, pahan, pcheung, prc, wnefal+redhatbugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: httpd 2.2.22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-07 19:33:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 746695, 746696, 746697, 785070, 787596, 787597, 787598, 787599    
Bug Blocks: 781212    

Description Vincent Danen 2012-01-12 18:49:39 UTC 
Apache 2.2 fixed a possible crash on shutdown if a child changes the sb_type field in the scoreboard.  Since unprivileged children should not be able to affect the parent in this way, this is treated as a Low severity security issue [1].

The reporter has a nice writeup of the flaw as well [2].

[1] http://svn.apache.org/viewvc?view=revision&revision=1230065
[2] http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/
Comment 2 Joe Orton 2012-02-06 12:54:44 UTC 
2.2.x fix: http://svn.apache.org/viewvc?rev=1231058&view=rev
Comment 4 errata-xmlrpc 2012-02-13 20:34:29 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0128 https://rhn.redhat.com/errata/RHSA-2012-0128.html
Comment 5 errata-xmlrpc 2012-02-21 21:58:17 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0323 https://rhn.redhat.com/errata/RHSA-2012-0323.html
Comment 6 errata-xmlrpc 2012-05-07 18:51:08 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Web Server 1.0.2

Via RHSA-2012:0543 https://rhn.redhat.com/errata/RHSA-2012-0543.html
Comment 7 errata-xmlrpc 2012-05-07 19:17:32 UTC 
This issue has been addressed in following products:

  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 6

Via RHSA-2012:0542 https://rhn.redhat.com/errata/RHSA-2012-0542.html
Comment 8 Vincent Danen 2014-11-04 20:52:51 UTC 
Statement:

(none)