CVE-2013-1048

Publication date 6 March 2013

Last updated 24 July 2024


Ubuntu priority

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.


Status

Package   Ubuntu Release      Status
apache2   12.10 quantal       Fixed 2.2.22-6ubuntu2.2
apache2   12.04 LTS precise   Fixed 2.2.22-1ubuntu1.3
apache2   11.10 oneiric       Fixed 2.2.20-1ubuntu1.4
apache2   10.04 LTS lucid     Fixed 2.2.14-5ubuntu8.11
apache2   8.04 LTS hardy      Fixed 2.2.8-1ubuntu0.25

Notes


seth-arnold

not part of apache upstream; vulnerability shared with Debian

Patch details

For informational purposes only. We recommend not cherry-picking updates.

Package Patch details
apache2

References

Related Ubuntu Security Notices (USN)

    • USN-1765-1: Apache HTTP Server vulnerabilities (18 March 2013)
