Gentoo Linux Tomcat gain privileges
| gentoo-tomcat-gain-privileges (16993) |  High Risk |
Description:
Gentoo Linux could allow a local attacker to gain elevated privileges on the system, caused by a vulnerability in the Apache Tomcat package versions prior to 5.0.27-r3. Apache Tomcat is a Java application server used with Apache HTTP Server to support JavaServer Pages (JSP) and Java servlets. A local attacker, with 'tomcat' privileges, could execute arbitrary code on the system with root privileges.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of tomcat (5.0.27-r3 or later), as listed in GLSA 200408-15. See References.
References:
- BID-10951: Gentoo Linux Tomcat EBuild Insecure Install Permissions Vulnerability
- CVE-2004-1452: Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
- GLSA-200408-15: Tomcat: Insecure installation
- SA12296: Gentoo Tomcat Privilege Escalation Vulnerability
Platforms Affected:
- Gentoo Linux
Reported:
Aug 15, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net