CVE-2007-1741 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-1741 Interim 1 13 2022-11-26T02:58:20Z current 2021-05-30T12:38:32Z 2022-11-26T02:58:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-1741 Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 permissions permissions as a component of HPE Helion OpenStack 8 permissions as a component of SUSE Linux Enterprise Server 12 SP2-BCL permissions as a component of SUSE Linux Enterprise Server 12 SP3-BCL permissions as a component of SUSE Linux Enterprise Server 12 SP3-ESPOS permissions as a component of SUSE Linux Enterprise Server 12 SP3-LTSS permissions as a component of SUSE Linux Enterprise Server Teradata 12 SP3 permissions as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 permissions as a component of SUSE OpenStack Cloud 8 permissions as a component of SUSE OpenStack Cloud Crowbar 8 Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." CVE-2007-1741 HPE Helion OpenStack 8:permissions SUSE Linux Enterprise Server 12 SP2-BCL:permissions SUSE Linux Enterprise Server 12 SP3-BCL:permissions SUSE Linux Enterprise Server 12 SP3-ESPOS:permissions SUSE Linux Enterprise Server 12 SP3-LTSS:permissions SUSE Linux Enterprise Server Teradata 12 SP3:permissions SUSE Linux Enterprise Server for SAP Applications 12 SP3:permissions SUSE OpenStack Cloud 8:permissions SUSE OpenStack Cloud Crowbar 8:permissions moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C