1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2012-0883
PublicDate: 2012-04-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
Description:
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse DSO in the current working directory
during execution of apachectl.
Ubuntu-Description:
jdstrand> Debian/Ubuntu packages contain 038_no_LD_LIBRARY_PATH (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276670 for more information)
Notes:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
Patches_apache2:
upstream: http://mail-archives.apache.org/mod_mbox/httpd-cvs/201203.mbox/%3C20120308161052.6AF9B23888EA@eris.apache.org%3E
upstream_apache2: released (2.4.2)
hardy_apache2: not-affected
lucid_apache2: not-affected
maverick_apache2: not-affected
natty_apache2: not-affected
oneiric_apache2: not-affected
devel_apache2: not-affected
|