Vulnerabilities

CVE-2006-7098

by Fred · 03/03/2007

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Date published : 2007-03-03

http://www.securityfocus.com/bid/22732

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357561

Similar

Tags: Cybersecurity Alert