Description
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
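How a zero-length LD_LIBRARY_PATH entry of the kind described above can arise, and how to detect and avoid it. This is an added example, not Apache's envvars code; the function names and the /opt/example/lib directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names and paths are constructed, not taken from envvars.

# Return 0 if a colon-separated search path contains a zero-length element
# (leading ':', trailing ':' or '::'). The dynamic linker treats such an
# element as the current working directory. An empty value has no elements.
has_empty_element() {
    case "$1" in
        "")          return 1 ;;
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Weak pattern: unconditional prepend. When the inherited value ($2) is
# unset or empty, the result ends in ':' and carries a zero-length element.
prepend_unsafe() {
    printf '%s\n' "$1:$2"
}

# Hardened pattern: emit a separator only in front of non-empty elements,
# which also drops zero-length elements already present in the inherited
# value. The body runs in a subshell so IFS and 'set -f' stay local.
prepend_safe() (
    out=$1
    IFS=:
    set -f
    for elem in $2; do
        if [ -n "$elem" ]; then
            out="$out:$elem"
        fi
    done
    printf '%s\n' "$out"
)

# Constructed sample: LIBDIR is a placeholder and the inherited value is empty.
LIBDIR=/opt/example/lib
for candidate in "$(prepend_unsafe "$LIBDIR" "")" "$(prepend_safe "$LIBDIR" "")"; do
    if has_empty_element "$candidate"; then
        echo "UNSAFE: '$candidate' also searches the current directory"
    else
        echo "ok:     '$candidate'"
    fi
done
```

The same `has_empty_element` check can be run against the LD_LIBRARY_PATH that a service wrapper script exports before it starts a privileged process.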
Remediation
References