Apache · Apache Http Server · CVE-2006-7098
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server version 1.3.34-4
**Description**
The issue arises from the Debian GNU/Linux patch for the Apache HTTP Server, which fails to properly disassociate httpd from a controlling tty when started interactively. This allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
**Recommendations**
For Apache HTTP Server version 1.3.34-4, consider disabling interactive starts of httpd or restricting the use of CGI programs that call the TIOCSTI ioctl until a proper fix is applied.