FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache -- Insecure LD_LIBRARY_PATH handling

Affected packages
apache <= 2.2.22_5
apache-event <= 2.2.22_5
apache-itk <= 2.2.22_5
apache-peruser <= 2.2.22_5
apache-worker <= 2.2.22_5

Details

VuXML ID de2bc01f-dc44-11e1-9f4d-002354ed89bc
Discovery 2012-03-02
Entry 2012-08-01

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.
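
A defensive check for the condition described above, as an added example that is not part of the advisory or of Apache's code. It assumes the common dynamic-linker behaviour in which an empty or relative LD_LIBRARY_PATH entry is resolved against the current working directory; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH value before starting a
# privileged daemon. Not Apache or FreeBSD code; names are hypothetical.

# ldpath_searches_cwd VALUE
# Returns 0 (true) when VALUE, read as a colon-separated search path,
# contains an empty entry or an entry that is not an absolute path.
# Assumption: the dynamic linker resolves such entries against the
# current working directory.
ldpath_searches_cwd() {
    value=$1
    # An unset or empty variable contributes no search directories.
    if [ -z "$value" ]; then
        return 1
    fi
    case $value in
        :*|*:|*::*) return 0 ;;   # leading, trailing or doubled colon
    esac
    old_ifs=$IFS
    IFS=:
    set -f                        # no glob expansion while splitting
    for entry in $value; do
        case $entry in
            /*) ;;                # absolute path: acceptable
            *)  IFS=$old_ifs; set +f; return 0 ;;   # ".", "lib", ...
        esac
    done
    IFS=$old_ifs
    set +f
    return 1
}

# ldpath_prepend DIR CURRENT
# Prints DIR joined to CURRENT without creating an empty entry when
# CURRENT is unset or empty.
ldpath_prepend() {
    if [ -n "$2" ]; then
        printf '%s:%s\n' "$1" "$2"
    else
        printf '%s\n' "$1"
    fi
}

# Constructed illustration: unconditional concatenation with an empty
# previous value leaves a trailing colon, which the check flags.
previous=""
naive="/usr/local/lib:$previous"
if ldpath_searches_cwd "$naive"; then
    echo "unsafe: '$naive'; use '$(ldpath_prepend /usr/local/lib "$previous")'"
fi
```
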

References

CVE Name CVE-2012-0883
URL http://httpd.apache.org/security/vulnerabilities_24.html
URL http://www.apache.org/dist/httpd/CHANGES_2.4.2