VULNERABILITIES / FIXES - April 18, 2012
by Carol~ - 4/18/12 8:47 AM
Apache HTTP Server LD_LIBRARY_PATH Security Issue
Release Date : 2012-04-18
Criticality level : Not critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch
Software: Apache 2.4.x
A security issue has been reported in Apache HTTP Server, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused by the application incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running certain scripts in a directory containing a malicious library.
The security issue is reported in versions prior to 2.4.2.
Update to version 2.4.2.
Provided and/or discovered by:
Reported by the vendor.
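
One common way a startup script ends up setting LD_LIBRARY_PATH incorrectly is a naive prepend that leaves an empty entry, which the dynamic linker treats as the current directory. The check below is an added example, not part of the advisory and not Apache's own code; the function names `audit_ld_path` and `prepend_ld_path` and the directory `/opt/example/lib` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a colon-separated library search path for entries
# that the dynamic linker resolves relative to the current directory.

# Print one line per unsafe entry; return 1 if any were found.
audit_ld_path() {
    path=$1
    [ -z "$path" ] && return 0      # empty value: no extra directories searched
    unsafe=0
    rest=$path:                     # sentinel colon so the last entry is examined
    while [ -n "$rest" ]; do
        entry=${rest%%:*}           # text before the first colon
        rest=${rest#*:}             # text after the first colon
        case $entry in
            '') echo "empty entry (resolved as current directory)"; unsafe=1 ;;
            /*) ;;                  # absolute path: not cwd-dependent
            *)  echo "relative entry: $entry"; unsafe=1 ;;
        esac
    done
    return $unsafe
}

# Prepend a directory without creating an empty entry when the
# existing value is unset or empty.
prepend_ld_path() {
    dir=$1
    current=$2
    printf '%s\n' "$dir${current:+:$current}"
}

# Constructed values: /opt/example/lib is a placeholder directory.
existing=""                                   # variable not set by the caller
weak="/opt/example/lib:$existing"             # naive prepend: trailing colon
safe=$(prepend_ld_path /opt/example/lib "$existing")

echo "weak: '$weak'"; audit_ld_path "$weak" || true
echo "safe: '$safe'"; audit_ld_path "$safe" && echo "no unsafe entries"
```

Running the audit against the environment of a service wrapper or init script before and after upgrading shows whether the search path still contains a working-directory entry.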