RSS   Vulnerabilities for 'Apache'   RSS

2007-03-03
 
CVE-2006-7098

CWE-264
 

 
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

 

 >>> Vendor: Debian 84 Products
Debian linux
Netkit
Elvis tiny
Sgml-tools
Netstd
Internet message
Mime-support
FSP
Lintian
Shadow-utils
Debmake
Tetex-bin
DPKG
Sympa
Bsmtpd
Toolchain-source
PPXP
Reportbug
Qpopper
Apt-cacher
Apt-setup
Backupninja
Kernel-patch-vserver
Libmail-audit-perl
Amaya
Base-config
Apache
GFAX
Debian-goodies
Reprepro
Guilt
UNP
Apt-listchanges
TSS
Aptlinex
Projectl
Horde
Turba
Honeyd common
Citadel server
Python-dns
Xsabre
FETA
Dpkg-cross
Myspell
Newsgate
Initramfs-tools
Os-prober
Mailscanner
LTP
Shadow
Horde imp
Horde groupware
Nss-ldap
APT
Libdbd-pg-perl
Mono-debugger
Tex-common
Apache2
Texlive-extra-utils
Php5-common
Logol
Devotee
Cifs-utils
Trousers
Bsdmainutils
Cfingerd
LATD
Txt2man
Adequate
Localepurge
Syncevolution
Axiom
Ppthtml
Xbuffy
Strongswan
Dpkg-dev
Kde4libs
Python-imaging
Exuberant ctags
Hivex
Dbd-firebird
Unattended-upgrades
FUSE


Copyright 2017, cxsecurity.com