1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
PublicDate: 2007-03-03
Candidate: CVE-2006-7098
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7098
Description:
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server
1.3.34-4 does not properly disassociate httpd from a controlling tty when
httpd is started interactively, which allows local users to gain privileges
to that tty via a CGI program that calls the TIOCSTI ioctl.
Ubuntu-Description:
Notes:
Bugs:
#sid_PKG:
#dapper_PKG:
#edgy_PKG:
#feisty_PKG:
#devel_PKG:
dapper_apache: ignored (reached end-of-life)
edgy_apache: needed (reached end-of-life)
feisty_apache: needed (reached end-of-life)
gutsy_apache: DNE
hardy_apache: DNE
intrepid_apache: DNE
jaunty_apache: DNE
karmic_apache: DNE
devel_apache: DNE
upstream_apache:
|