Lucene search

K
freebsdFreeBSDDE2BC01F-DC44-11E1-9F4D-002354ED89BC
HistoryMar 02, 2012 - 12:00 a.m.

Apache -- Insecure LD_LIBRARY_PATH handling

2012-03-0200:00:00
vuxml.freebsd.org
20

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.7%

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to
the current working directory to be searched for DSOs. This could
allow a local user to execute code as root if an administrator runs
apachectl from an untrusted directory.

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.7%