FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache -- Insecure LD_LIBRARY_PATH handling

Affected packages
apache <= 2.2.22_5
apache-event <= 2.2.22_5
apache-itk <= 2.2.22_5
apache-peruser <= 2.2.22_5
apache-worker <= 2.2.22_5


VuXML ID de2bc01f-dc44-11e1-9f4d-002354ed89bc
Discovery 2012-03-02
Entry 2012-08-01

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


CVE Name CVE-2012-0883