Joined: 13 Jun 2003
Location: Dresden, Germany
|Posted: Sun Aug 15, 2004 3:36 pm Post subject: [ GLSA 200408-15 ] Tomcat: Insecure installation
|Gentoo Linux Security Advisory
Title: Tomcat: Insecure installation (GLSA 200408-15)
Date: August 15, 2004
Updated: May 22, 2006
Improper file ownership may allow a member of the tomcat group to execute scripts as root.
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.
Vulnerable: < 5.0.27-r3
Unaffected: >= 5.0.27-r3
Unaffected: >= 4.1.30-r4 < 4.1.31
Unaffected: >= 3.3.2-r2 < 3.3.3
Architectures: All supported architectures
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
This could lead to a local privilege escalation or root compromise by authenticated users.
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
|# chown -R root:root /etc/init.d/tomcat*
# chown -R root:root /etc/conf.d/tomcat*
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
|# emerge sync
# emerge -pv ">=www-servers/tomcat-5.0.27-r3"
# emerge ">=www-servers/tomcat-5.0.27-r3"
Last edited by GLSA on Sat Jun 21, 2008 4:16 am; edited 6 times in total