CVE-2006-7098

Debian apache - Local Privilege Escalation via TIOCSTI ioctl in CGI Program

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7098. PoCs published by Kristian Hermansen.

AI-analyzed exploit summary: This exploit leverages a vulnerability in Apache 1.3.33/1.3.34 on Debian/Ubuntu systems to inject commands into an open TTY owned by the root user. It uses the TIOCSTI ioctl to push commands into the terminal input buffer, resulting in arbitrary command execution.

Description

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Kristian Hermansen · c · local · linux
https://www.exploit-db.com/exploits/3384

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache 1.3.33/1.3.34 on Debian/Ubuntu
Authentication: No auth needed
Prerequisites: CGI execution privileges · Apache service started manually by root via shell
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0579.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22732
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32708
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24324
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357561

Scores

EPSS: 0.0056
EPSS Percentile: 42.1%

Details

CWE: CWE-264
Status: published
Products (1): debian/apache 1.3.34.4
Published: Mar 03, 2007
Tracked Since: Feb 18, 2026