SB2012111610 - Permissions, Privileges, and Access Controls in apache2 (Alpine package)
Published: November 16, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-0883)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
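The zero-length entry described above typically arises when a script appends an inherited variable that is unset or empty. The following check and corrected construction are an added example, not code from this bulletin or from Apache's envvars; the function names and the /usr/lib/apache2 directory are illustrative assumptions, and an entirely empty value is treated as "no path set".

```shell
#!/bin/sh
# Added example. Function names and /usr/lib/apache2 are assumptions.

# Return 0 if a colon-separated search path has a zero-length entry:
# a leading colon, a trailing colon, or "::". An entirely empty value
# is treated here as "no path set" (assumption) and returns 1.
has_empty_entry() {
    case "$1" in
        "")          return 1 ;;
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Flawed pattern: unconditional append. If the inherited value ($2) is
# empty, the result ends in ":" and so carries a zero-length entry.
build_unsafe() {
    printf '%s\n' "$1:$2"
}

# Corrected pattern: emit the separator only when $2 is non-empty.
build_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Remove zero-length entries from an existing path list. The subshell
# body keeps the IFS and globbing changes from leaking to the caller.
strip_empty_entries() (
    out=""
    set -f
    IFS=:
    for entry in $1; do
        if [ -n "$entry" ]; then
            out="${out:+$out:}$entry"
        fi
    done
    printf '%s\n' "$out"
)

# Constructed demo: the inherited LD_LIBRARY_PATH is empty.
inherited=""
for candidate in "$(build_unsafe /usr/lib/apache2 "$inherited")" \
                 "$(build_safe /usr/lib/apache2 "$inherited")"; do
    if has_empty_entry "$candidate"; then
        echo "UNSAFE: '$candidate' contains a zero-length entry"
    else
        echo "ok:     '$candidate'"
    fi
done
```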
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=8c814a95fd7906f50766a235a472cdc2abdc5981
- https://git.alpinelinux.org/aports/commit/?id=3672383e469c6e838048e39c7457a7acc21e1fd0
- https://git.alpinelinux.org/aports/commit/?id=bf6e336a815b4e3caf0f33264f07c9f9a4efa429
- https://git.alpinelinux.org/aports/commit/?id=71147bc9839a1fbaa518c650b7937a42df8acc7a