#VU32751 Permissions, Privileges, and Access Controls in Apache HTTP Server - CVE-2012-0883

Cybersecurity Help s.r.o.

Published: 2012-04-18 | Updated: 2020-07-28

Vulnerability identifier: #VU32751

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0883

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Apache HTTP Server: 2.4.0 - 2.4.1

External links
https://article.gmane.org/gmane.comp.apache.devel/48158
https://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
https://marc.info/?l=bugtraq&m=134012830914727&w=2
https://secunia.com/advisories/48849
https://support.apple.com/kb/HT5880
https://svn.apache.org/viewvc?view=revision&revision=1296428
https://www.apache.org/dist/httpd/Announcement2.4.html
https://www.apachelounge.com/Changelog-2.4.html
https://www.securityfocus.com/bid/53046
https://www.securitytracker.com/id?1026932
https://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74901
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Permissions, Privileges, and Access Controls in apache2 (Alpine package)

Multiple vulnerabilities in HP-UX Apache Web Server running PHP

Permissions, Privileges, and Access Controls in Apache HTTP Server