PT-2012-2927 · Apache+2 · Apache Http Server+2

Published 2012-03-02 · Updated 2022-09-14 · CVE-2012-0883

CVSS v2.0: 6.9 Medium

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.2

Description

The issue is related to insecure handling of the LD_LIBRARY_PATH environment variable, which allows a local user to potentially gain privileges by executing a Trojan horse DSO in the current working directory when apachectl is run. This could enable a local user to execute code as root if an administrator runs apachectl from an untrusted directory.

Recommendations

For Apache HTTP Server versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the execution of apachectl to trusted directories only, and avoid running it from untrusted or user-writable directories.
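
A check for the condition described above, as an added example that is not part of the advisory or of Apache's scripts: the dynamic linker resolves an empty or relative LD_LIBRARY_PATH entry against the current working directory, so the function below reports such entries in a search-path value. The function names, the prepend pattern shown and the sample library directory are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and sample values are assumptions, not Apache code.

# Print the entries of a library search path that depend on the current
# working directory: empty entries (leading/trailing ':' or '::') are
# reported as <empty>, relative paths are reported as written.
cwd_entries() {
    path=$1
    [ -n "$path" ] || return 0       # empty value: nothing to report
    found=""
    rest="$path:"                    # sentinel so the last entry is split off too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            "") found="$found<empty> " ;;
            /*) ;;                   # absolute path: not cwd-dependent
            *)  found="$found$entry " ;;
        esac
    done
    printf '%s' "${found% }"
}

# Weak pattern: an unconditional prepend leaves a trailing ':' (an empty
# entry) whenever the existing value is unset or empty.
prepend_weak() { printf '%s' "$1:$2"; }

# Hardened pattern: add the separator only when there is an existing value.
prepend_safe() {
    if [ -n "$2" ]; then printf '%s' "$1:$2"; else printf '%s' "$1"; fi
}

# Audit the value inherited by the current shell.
risky=$(cwd_entries "${LD_LIBRARY_PATH-}")
if [ -n "$risky" ]; then
    echo "LD_LIBRARY_PATH has cwd-dependent entries: $risky"
else
    echo "LD_LIBRARY_PATH has no cwd-dependent entries"
fi
```

Running the same function over the value exported by any wrapper or environment script that launches the server as root shows whether that script introduces an empty entry.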

Fix

Related Identifiers

AZL-41033
CVE-2012-0883
HPSBUX02791
SUSE-SU-2013_0387-1

Affected Products

Apache Http Server
Hp-Ux
Suse