Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2013-1048

Published: 6 March 2013

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

Notes

AuthorNote
seth-arnold 
not part of apache upstream; vulnerability shared with Debian

Priority

Medium

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian 		upstream
Released (2.2.22-13)
hardy
Released (2.2.8-1ubuntu0.25)
lucid
Released (2.2.14-5ubuntu8.11)
oneiric
Released (2.2.20-1ubuntu1.4)
precise
Released (2.2.22-1ubuntu1.3)
quantal
Released (2.2.22-6ubuntu2.2)
Patches:
vendor: http://www.debian.org/security/2013/dsa-2637

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading