Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
BID:23438
Info
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| Bugtraq ID: | 23438 |
| Class: | Design Error |
| CVE: |
CVE-2007-1741 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Mar 13 2008 03:21AM |
| Credit: | An anonymous researcher is credited with discovering these issues. |
| Vulnerable: |
Apache suEXEC 2.2.3 Apache Apache 2.2.2 Apache Apache 1.3.34 |
| Not Vulnerable: | |
Discussion
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
Apache suEXEC is prone to multiple local privilege-escalation weaknesses.
To exploit these issues, attackers must have permission to execute the application. Permission is granted only to the same user as the webserver, typically 'httpd', 'apache', or 'nobody'. Attackers may gain such permissions by exploiting other applications running on the webserver such as CGI and PHP scripts.
A local attacker can exploit these issues to execute arbitrary code with the privileges of another user. Successful exploits may facilitate a compromise of vulnerable computers.
Apache suEXEC 2.2.3 is vulnerable to these issues; other versions may also be affected.
Apache suEXEC is prone to multiple local privilege-escalation weaknesses.
To exploit these issues, attackers must have permission to execute the application. Permission is granted only to the same user as the webserver, typically 'httpd', 'apache', or 'nobody'. Attackers may gain such permissions by exploiting other applications running on the webserver such as CGI and PHP scripts.
A local attacker can exploit these issues to execute arbitrary code with the privileges of another user. Successful exploits may facilitate a compromise of vulnerable computers.
Apache suEXEC 2.2.3 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
An attacker may exploit these issues by gaining local interactive access to an affected computer and permissions to execute the affected application.
An attacker may exploit these issues by gaining local interactive access to an affected computer and permissions to execute the affected application.
Solution / Fix
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
References:
References:
- Apache Homepage (Apache Software Foundation)
- Apache HTTPD suEXEC Multiple Vulnerabilities (iDefense Labs)