CVE-2007-1741

Publication date 13 April 2007

Last updated 24 July 2024

Ubuntu priority

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	7.04 feisty	Ignored
	6.10 edgy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

kees

negligible addition checks for suexec

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1741