~ubuntu-security/ubuntu-cve-tracker/master : contents of retired/CVE-2006-7098 at revision 13266

~ubuntu-security/ubuntu-cve-tracker/master : (revision 13266)

browse files
view with revision information
view revision
view changes to this file
download file

PublicDate: 2007-03-03
Candidate: CVE-2006-7098
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7098
Description:
 The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server
 1.3.34-4 does not properly disassociate httpd from a controlling tty when
 httpd is started interactively, which allows local users to gain privileges
 to that tty via a CGI program that calls the TIOCSTI ioctl.
Ubuntu-Description: 
Notes: 
Bugs: 
#sid_PKG:
#dapper_PKG:
#edgy_PKG:
#feisty_PKG:
#devel_PKG:
dapper_apache: ignored (reached end-of-life)
edgy_apache: needed (reached end-of-life)
feisty_apache: needed (reached end-of-life)
gutsy_apache: DNE
hardy_apache: DNE
intrepid_apache: DNE
jaunty_apache: DNE
karmic_apache: DNE
devel_apache: DNE
upstream_apache: