CVE-2009-1195

Vulnerability Description

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlMailing List
• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlThird Party Advisory
• http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2Third Party Advisory
• http://marc.info/?l=bugtraq&m=129190899612998&w=2Third Party Advisory
• http://osvdb.org/54733Broken Link
• http://secunia.com/advisories/35261Third Party Advisory
• http://secunia.com/advisories/35264Third Party AdvisoryVendor Advisory
• http://secunia.com/advisories/35395Third Party Advisory
• http://secunia.com/advisories/35453Third Party Advisory
• http://secunia.com/advisories/35721Third Party Advisory
• http://secunia.com/advisories/37152Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200907-04.xmlThird Party Advisory
• http://support.apple.com/kb/HT3937Third Party Advisory
• http://svn.apache.org/viewvc?view=rev&revision=772997ExploitPatchVendor Advisory
• http://wiki.rpath.com/Advisories:rPSA-2009-0142Third Party Advisory