Vulnerability Name:

CVE-2007-1741 (CCN-33584)

Assigned:2007-04-11
Published:2007-04-11
Updated:2017-07-29
Summary:Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks.
Note: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
CVSS v3 Severity:4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
3.5 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P)
2.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-1741

Source: MITRE
Type: CNA
CVE-2007-1742

Source: MITRE
Type: CNA
CVE-2007-1743

Source: CCN
Type: Apache HTTP Server Web site
Welcome! - The Apache HTTP Server Project

Source: IDEFENSE
Type: Vendor Advisory
20070411 Apache HTTPD suEXEC Multiple Vulnerabilities

Source: MLIST
Type: Vendor Advisory
[apache-http-dev] 20070328 [Fwd: iDefense Final Notice [IDEF1445]]

Source: MLIST
Type: UNKNOWN
[apache-http-dev] 20070328 Re: [Fwd: iDefense Final Notice [IDEF1445]]

Source: OSVDB
Type: UNKNOWN
38639

Source: CCN
Type: SECTRACK ID: 1017904
Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges

Source: CCN
Type: OSVDB ID: 34872
Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 38639
Apache HTTP Server suexec Multiple Symlink Privilege Escalation

Source: CCN
Type: OSVDB ID: 38640
Apache HTTP Server suexec Document Root Unauthorized Operations

Source: BID
Type: UNKNOWN
23438

Source: CCN
Type: BID-23438
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses

Source: SECTRACK
Type: UNKNOWN
1017904

Source: XF
Type: UNKNOWN
apache-suexec-privilege-escalation(33584)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.11.07
Apache HTTPD suEXEC Multiple Vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    apache http server 2.2.3