|Summary:||<www-servers/apache-2.2.22-r1 : LD_LIBRARY_PATH Security Issue (CVE-2012-0883)|
|Product:||Gentoo Security||Reporter:||Agostino Sarubbo <ago>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||critical||CC:||apache-bugs, hanno, mail, patrick, pva|
|Package list:||Runtime testing required:||---|
Description Agostino Sarubbo 2012-04-18 07:59:34 UTC
Comment 1 Agostino Sarubbo 2012-04-18 08:01:21 UTC
@maintainers: Since there is no fix in 2.2 version, I'd say that vulnerability was introduced in 2.4.x branch, can you check please?
Comment 2 Tomas Hoger 2012-04-18 08:33:25 UTC
(In reply to comment #1) > Since there is no fix in 2.2 version, I'd say that vulnerability was > introduced in 2.4.x branch, can you check please? The fix is proposed for inclusion in 2.2: http://svn.apache.org/viewvc?view=revision&revision=1296431
Comment 3 Tim Sammut (RETIRED) 2012-04-18 16:22:08 UTC
(In reply to comment #2) > > The fix is proposed for inclusion in 2.2: > http://svn.apache.org/viewvc?view=revision&revision=1296431 Thanks, Tomas. @apache, from that URL: + Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1296428 + 2.2.x patch: Trunk patch works
Comment 4 Tim Sammut (RETIRED) 2012-04-19 14:11:45 UTC
*** Bug 412641 has been marked as a duplicate of this bug. ***
Comment 5 Patrick Lauer 2012-04-20 04:24:11 UTC
+ 20 Apr 2012; Patrick Lauer <email@example.com> +apache-2.2.22-r1.ebuild, + +files/2.2.22-envvars-std.in: + Fix for #412481 Since the patch is very simple I committed it with stable keywords. Hope that makes everyone happy :)
Comment 6 Patrick Lauer 2012-04-20 04:35:23 UTC
2.4.2 is in tree (but masked as 2.4 needs some more massaging to be nice)
Comment 7 Tim Sammut (RETIRED) 2012-04-20 06:13:49 UTC
Thanks muchly. Added to existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot 2012-04-28 00:41:07 UTC
CVE-2012-0883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883): envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Comment 9 GLSAMaker/CVETool Bot 2012-06-24 14:29:35 UTC
This issue was resolved and addressed in GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml by GLSA coordinator Tobias Heinlein (keytoaster).