Log in

No account? Create an account
SELinux blocks Apache DoS vulnerability - James Morris
June 29th, 2007
12:24 pm


Previous Entry Share Next Entry
SELinux blocks Apache DoS vulnerability
A recent Apache vulnerability, where a remote attacker can cause httpd to send a signal to an arbitrary process and potentially crash it, is mitigated by SELinux targeted policy (as installed by default in RHEL5 and F7). Of course, even if you have SELinux enabled, it's good defence-in-depth1 to ensure the underlying vulnerabilities are fixed.

Advisories: RHEL5, F7.

1Here's a useful reference page on Fedora Security Features.

(1 comment | Leave a comment)

Date:July 1st, 2007 07:19 pm (UTC)
Really blocks? You can't kill other apache processes with that policy?
James Morris Powered by LiveJournal.com