Hello List,

Modification of Apache scoreboard data, shared by root (uid=0) and www-data processes, allows triggering of an invalid free in the root process during Apache shutdown. Exploitation seems impossible except for really broken chroot configs.

The free is triggered by setting the scoreboard type from shared-mem-type to malloc-type. This is possible because the scoreboard type setting is also stored in shared memory and hence changeable by a lower-privileged worker process.

See http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/

-- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
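
The trust-boundary problem described in the message, modelled as an added example (not code from the original post or from Apache; every name in it is hypothetical). A forked child stands in for the worker and rewrites the type field in shared memory; the hardened shutdown path is one possible mitigation, taking the type from a parent-private record and reporting a mismatch.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names modelling the pattern; this is not Apache's source. */
enum sb_kind { SB_KIND_MALLOC = 1, SB_KIND_SHARED = 2 };
enum release { REL_FREE, REL_MUNMAP };
struct board { int kind; char slots[64]; };            /* worker-writable */
struct handle { struct board *b; enum sb_kind kind; }; /* parent-private */
/* Flawed pattern: release path chosen from a field the worker can rewrite. */
static enum release release_trusting(const struct board *b) {
    return b->kind == SB_KIND_SHARED ? REL_MUNMAP : REL_FREE;
}
/* Hardened: use only the kind the parent recorded privately at creation. */
static enum release release_private(const struct handle *h) {
    return h->kind == SB_KIND_SHARED ? REL_MUNMAP : REL_FREE;
}
static int board_create(struct handle *h) {
    void *p = mmap(NULL, sizeof(struct board), PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    h->b = p;
    h->kind = SB_KIND_SHARED;      /* private record */
    h->b->kind = SB_KIND_SHARED;   /* copy visible to workers */
    return 0;
}
/* Stand-in for a worker process: a forked child flips the shared field. */
static int worker_rewrites_kind(struct handle *h) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { h->b->kind = SB_KIND_MALLOC; _exit(0); }
    return waitpid(pid, NULL, 0) == pid ? 0 : -1;
}
/* Returns 1 if the shared copy disagreed with the private record (log it). */
static int board_destroy(struct handle *h) {
    int mismatch = h->b->kind != (int)h->kind;
    if (release_private(h) == REL_MUNMAP) munmap(h->b, sizeof *h->b);
    else free(h->b);
    h->b = NULL;
    return mismatch;
}
int main(void) {
    struct handle h;
    if (board_create(&h) != 0 || worker_rewrites_kind(&h) != 0) return 1;
    int t = release_trusting(h.b), p = release_private(&h);
    printf("trusting=%d private=%d mismatch=%d\n", t, p, board_destroy(&h));
    return 0;
}
```
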