ByteOS Network

NVD Vulnerability Details :

CVE-2006-7098

Modified

Source-cve@mitre.org

Published At-03 Mar, 2007 | 19:19

Updated At-29 Jul, 2017 | 01:29

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.6	MEDIUM	AV:L/AC:M/Au:S/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 6.6

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:S/C:C/I:C/A:C

CPE Matches

Debian GNU/Linux

>>apache>>1.3.34.4

cpe:2.3:a:debian:apache:1.3.34.4:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Apache

Last Modified : 2008-07-02T00:00:00

This issue did not affect the upstream Apache HTTP Server versions.

Organization : Red Hat

Last Modified : 2007-03-05T00:00:00

Not vulnerable. This issue was specific to a Debian patch to Apache HTTP Server.

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0579.html	cve@mitre.org	N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357561	cve@mitre.org	N/A
http://osvdb.org/33816	cve@mitre.org	N/A
http://secunia.com/advisories/24324	cve@mitre.org	Vendor Advisory
http://www.securityfocus.com/bid/22732	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/32708	cve@mitre.org	N/A