Lucene search
RootSSV:60427HistoryOct 11, 2012 - 12:00 a.m.
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库加载任意代码执行漏洞
2012-10-1100:00:00
Root
www.seebug.org
1702
0.0004 Low
EPSS
Percentile
10.9%
BUGTRAQ ID: 53046
CVE(CAN) ID: CVE-2012-0883
Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的Web服务器端软件之一。
Apache HTTP Server 2.4.2之前版本内的envvars (即envvars-std)在LD_LIBRARY_PATH内放置了零长度的目录名称,通过在执行apachectl时在前工作目录内木马DSO,可允许本地用户获取权限。
0
Apache 2.2.x
厂商补丁:
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
prion
prion
Directory traversal
2012-04-18 10:33:00
seebug
seebug
Apache HTTP Server envvars本地权限提升漏洞
2012-09-18 00:00:00
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞
2012-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2012-0883
2012-04-18 00:00:00
freebsd
freebsd
Apache -- Insecure LD_LIBRARY_PATH handling
2012-03-02 00:00:00
apache22 -- several vulnerabilities
2012-09-13 00:00:00
httpd
httpd
Apache Httpd < 2.4.2 : insecure LD_LIBRARY_PATH handling
2012-02-14 00:00:00
Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling
2012-02-14 00:00:00
cve
cve
CVE-2012-0883
2012-04-18 10:33:00
nessus
nessus
FreeBSD : Apache -- Insecure LD_LIBRARY_PATH handling (de2bc01f-dc44-11e1-9f4d-002354ed89bc)
2012-08-02 00:00:00
Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading
2012-04-19 00:00:00
Apache 2.2 < 2.2.23 Multiple Vulnerabilities
2012-09-17 00:00:00
openvas
openvas
FreeBSD Ports: apache
2012-08-10 00:00:00
Apache HTTP Server Privilege Escalation Vulnerability (Mar 2012) - Linux
2021-11-01 00:00:00
FreeBSD Ports: apache
2012-08-10 00:00:00
debiancve
debiancve
CVE-2012-0883
2012-04-18 10:33:00
securityvulns
securityvulns
Apache security vulnerabilities
2012-10-01 00:00:00
[ MDVSA-2012:154 ] apache
2012-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: httpd-2.2.23-1.fc17
2013-02-12 04:59:23
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
f5
f5
redhat
redhat
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00