Published: 03/03/2007 Updated: 29/07/2017
CVSS v2 Base Score: 6.6 | Impact Score: 10 | Exploitability Score: 2.7
VMScore: 665
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
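The summary above says that httpd kept its controlling tty, so a CGI program it spawned could still open that tty and drive it with TIOCSTI. The following C program is an added illustration of the mitigation side and is not part of the advisory or of Apache's code: a child forked without setsid() inherits the controlling tty, while a child that calls setsid() cannot open /dev/tty at all. has_controlling_tty and forked_child_has_tty are hypothetical helper names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the calling process has a controlling tty (open("/dev/tty")
 * resolves to it), 0 otherwise. A CGI child that inherits a controlling
 * tty can reach it this way even with no inherited file descriptors. */
int has_controlling_tty(void)
{
    int fd = open("/dev/tty", O_RDWR);
    if (fd < 0)
        return 0;            /* ENXIO: no controlling tty in this session */
    close(fd);
    return 1;
}

/* Forks a child, optionally starting a new session with setsid() first,
 * then reports whether that child still has a controlling tty.
 * Returns 1 = attached, 0 = detached, -1 = fork/setsid/wait failure. */
int forked_child_has_tty(int call_setsid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* setsid() succeeds here because a freshly forked child is never
         * a process-group leader; it drops the inherited controlling tty. */
        if (call_setsid && setsid() < 0)
            _exit(2);
        _exit(has_controlling_tty());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("parent has controlling tty:               %d\n", has_controlling_tty());
    printf("child without setsid() has controlling tty: %d\n", forked_child_has_tty(0));
    printf("child with setsid() has controlling tty:    %d\n", forked_child_has_tty(1));
    return 0;
}
```

Run it from an interactive shell to see the first two values read 1 and the third 0; under a non-interactive runner all three read 0.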


/* :: Kristian Hermansen ::
Date: 20070229
Description: Local attacker can influence Apache to direct commands into an open tty owned by the user who started the apache process, usually root. This results in arbitrary command execution.
Affects: Apache 1.3.33/1.3.34 on Debian Stable/Testing/Unstable/Experimental and Ubuntu Warty (4.10)/ ...