From secunia security advisory at $URL:
A security issue has been reported in Apache HTTP Server, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to the application incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running certain scripts in a directory containing a malicious library.
The security issue is reported in versions prior to 2.4.2.
Update to version 2.4.2.
Since there is no fix in 2.2 version, I'd say that vulnerability was introduced in 2.4.x branch, can you check please?
(In reply to comment #1)
> Since there is no fix in 2.2 version, I'd say that vulnerability was
> introduced in 2.4.x branch, can you check please?
The fix is proposed for inclusion in 2.2:
(In reply to comment #2)
> The fix is proposed for inclusion in 2.2:
@apache, from that URL:
+ Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1296428
+ 2.2.x patch: Trunk patch works
*** Bug 412641 has been marked as a duplicate of this bug. ***
+ 20 Apr 2012; Patrick Lauer <firstname.lastname@example.org> +apache-2.2.22-r1.ebuild,
+ Fix for #412481
Since the patch is very simple I committed it with stable keywords. Hope that makes everyone happy :)
2.4.2 is in tree (but masked as 2.4 needs some more massaging to be nice)
Thanks muchly. Added to existing GLSA request.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse DSO in the current working directory
during execution of apachectl.
This issue was resolved and addressed in
GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml
by GLSA coordinator Tobias Heinlein (keytoaster).