Back to search
CVE-2012-0883
Published: Apr 18, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSRT100856
vendor-advisory
x_refsource_HP
53046
vdb-entry
x_refsource_BID
48849
third-party-advisory
x_refsource_SECUNIA
SSRT101209
vendor-advisory
x_refsource_HP
APPLE-SA-2013-09-12-1
vendor-advisory
x_refsource_APPLE
http://www.apache.org/dist/httpd/Announcement2.4.html
x_refsource_CONFIRM
http://www.apachelounge.com/Changelog-2.4.html
x_refsource_CONFIRM
1026932
vdb-entry
x_refsource_SECTRACK
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
[dev] 20120417 [ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released
mailing-list
x_refsource_MLIST
openSUSE-SU-2013:0248
vendor-advisory
x_refsource_SUSE
apache-ldlibrarypath-code-execution(74901)
vdb-entry
x_refsource_XF
HPSBUX02791
vendor-advisory
x_refsource_HP
openSUSE-SU-2013:0243
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
HPSBMU02900
vendor-advisory
x_refsource_HP
http://svn.apache.org/viewvc?view=revision&revision=1296428
x_refsource_CONFIRM
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now