CVE-2006-7098

CVE-2006-7098 · MEDIUM Severity

AV:L/AC:M/AU:S/C:C/I:C/A:C

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Learn more about our Cis Benchmark Audit For Apache Http Server.