History: Mar 03, 2007 - 7:19 p.m.

CVE-2006-7098

2007-03-03 19:19:00
CWE-264
web.nvd.nist.gov
26
cve-2006-7098
debian
gnu/linux
apache http server
privilege escalation
cgi
tiocsti ioctl

CVSS2: 6.6 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score: 6.5 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 0.4%

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Affected configurations

NVD
Node: debian apache, Match 1.3.34.4
CPE: debian:apache
Name: debian apache
Operator: eq
Version: 1.3.34.4
