CVE-2005-2970 Information

Description

Memory leak in the worker MPM (worker.c) for Apache 2 in certain circumstances allows remote attackers to cause a denial of service (memory consumption) via aborted connections which prevents the memory for the transaction pool from being reused for other connections.

Reference

http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/[email protected] http://rhn.redhat.com/errata/RHSA-2006-0159.html http://secunia.com/advisories/16559 http://secunia.com/advisories/17923 http://secunia.com/advisories/18161 http://secunia.com/advisories/18333 http://secunia.com/advisories/18585 http://securitytracker.com/id?1015093 http://svn.apache.org/viewcvs?rev=292949&view=rev http://www.mandriva.com/security/advisories?name=MDKSA-2005:233 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html http://www.securityfocus.com/archive/1/425399/100/0/threaded http://www.securityfocus.com/bid/15762 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@3Ccvs.httpd.apache.org3E https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10043 https://www.ubuntu.com/usn/usn-225-1/