{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-1741","title":"Title"},{"category":"description","text":"Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-1741","url":"https://www.suse.com/security/cve/CVE-2007-1741"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 263789 for CVE-2007-1741","url":"https://bugzilla.suse.com/263789"}],"title":"SUSE CVE CVE-2007-1741","tracking":{"current_release_date":"2025-03-17T03:10:30Z","generator":{"date":"2023-02-15T06:12:29Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-1741","initial_release_date":"2023-02-15T06:12:29Z","revision_history":[{"date":"2023-02-15T06:12:29Z","number":"2","summary":"Current version"},{"date":"2025-03-17T03:10:30Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"HPE Helion OpenStack 8","product":{"name":"HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8","product_identification_helper":{"cpe":"cpe:/o:suse:hpe-helion-openstack:8"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2-BCL","product":{"name":"SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL","product_identification_helper":{"cpe":"cpe:/o:suse:sles-bcl:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-BCL","product":{"name":"SUSE Linux Enterprise Server 12 SP3-BCL","product_id":"SUSE Linux Enterprise Server 12 SP3-BCL","product_identification_helper":{"cpe":"cpe:/o:suse:sles-bcl:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-espos:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 8","product":{"name":"SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 8","product":{"name":"SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:8"}}},{"category":"product_version","name":"permissions","product":{"name":"permissions","product_id":"permissions","product_identification_helper":{"cpe":"cpe:2.3:a:suse:permissions:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/permissions@?upstream=permissions.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"permissions as component of HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8:permissions"},"product_reference":"permissions","relates_to_product_reference":"HPE Helion OpenStack 8"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-BCL"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server 12 SP3-BCL","product_id":"SUSE Linux Enterprise Server 12 SP3-BCL:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-BCL"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE OpenStack Cloud 8"},{"category":"default_component_of","full_product_name":{"name":"permissions as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:permissions"},"product_reference":"permissions","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"}]},"vulnerabilities":[{"cve":"CVE-2007-1741","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2007-1741"}],"notes":[{"category":"general","text":"Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"","title":"CVE description"}],"product_status":{"known_not_affected":["HPE Helion OpenStack 8:permissions","SUSE Linux Enterprise Server 12 SP2-BCL:permissions","SUSE Linux Enterprise Server 12 SP3-BCL:permissions","SUSE Linux Enterprise Server 12 SP3-ESPOS:permissions","SUSE Linux Enterprise Server 12 SP3-LTSS:permissions","SUSE Linux Enterprise Server Teradata 12 SP3:permissions","SUSE Linux Enterprise Server for SAP Applications 12 SP3:permissions","SUSE OpenStack Cloud 8:permissions","SUSE OpenStack Cloud Crowbar 8:permissions"]},"references":[{"category":"external","summary":"CVE-2007-1741","url":"https://www.suse.com/security/cve/CVE-2007-1741"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 263789 for CVE-2007-1741","url":"https://bugzilla.suse.com/263789"}],"threats":[{"category":"impact","date":"2013-06-28T00:55:26Z","details":"moderate"}],"title":"CVE-2007-1741"}]}