IBM Support

PK50467: CVE-2007-3304 MPM SIGNALLING VULNERABILITY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Apache 2.0 on Unix/Linux potentially allows the web server
    parent (monitor) process to send signals to unintended
    processes on the system.
    The trigger for this is for a malicious program with the
    proper authority (running as root or running with the same
    authority as the web server child processes) to overwrite
    process ids in the web server shared memory with a different
    value.
    The parent process should sanity-check the process id
    value before sending the process a signal.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: IBM HTTP SERVER configurations with          *
    * malicious applications running in the web server or on the   *
    * web server machine                                           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Applications running inside the web     *
    * server or on systems with the web server, and having         *
    * permission to update the shared memory used to communicate   *
    * among the web server processes, may be able to modify that   *
    * shared memory to cause the web server parent process to      *
    * terminate the wrong processes.  Such applications would need *
    * to run as root or as the web server user id.                 *
    ****************************************************************
    * RECOMMENDATION: Apply this fix to protect against some types *
    * of malicious applications.                                   *
    ****************************************************************
    The web server parent process reads the shared memory
    "scoreboard" to determine which child processes to signal.
    A malicious application can store certain values in the
    scoreboard to cause the parent process to signal some processes
    that the malicious application would not otherwise be able
    to signal.
    

Problem conclusion

  • The worker MPM was updated to check the type of process id
    in the scoreboard before sending a signal.
    (Note that the fixes required for different Apache MPMs and
    releases differed.  IHS is applying the appropriate fixes for
    its use of the Apache source code.)
    IHS 1.3.28 was modified to keep a list of child process ids, and
    not signal any other process ids which may be written to the
    scoreboard.
    This fix is targeted for:
    Fix pack 6.1.0.13.
    Fix pack 6.0.2.23.
    Cumulative e-fix PK53584 for 2.0.47.1
    Cumulative e-fix PK55141 for 1.3.28.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK50467

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    60A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2007-08-06

  • Closed date

    2007-09-04

  • Last modified date

    2007-11-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R60A PSN

       UP

  • R60H PSN

       UP

  • R60P PSN

       UP

  • R60I PSN

       UP

  • R60S PSN

       UP

  • R60Z PSN

       UP

  • R61A PSN

       UP

  • R61H PSN

       UP

  • R61P PSN

       UP

  • R61I PSN

       UP

  • R61S PSN

       UP

  • R61Z PSN

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022