CVE-2012-0883

Description

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version: 2.0

VectorString: AV:L/AC:M/Au:N/C:C/I:C/A:C

AccessVector: LOCAL

AccessComplexity: MEDIUM

Authentication: NONE

ConfidentialityImpact: COMPLETE

IntegrityImpact: COMPLETE

AvailabilityImpact: COMPLETE

BaseScore: 6.9