CVE-2012-0883
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://article.gmane.org/gmane.comp.apache.devel/48158http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlhttp://marc.info/?l=bugtraq&m=134012830914727&w=2http://secunia.com/advisories/48849https://exchange.xforce.ibmcloud.com/vulnerabilities/74901https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E