GLSA Bodhisattva
Joined: 13 Jun 2003 Posts: 4087 Location: Dresden, Germany
|
Posted: Sun Aug 15, 2004 3:36 pm Post subject: [ GLSA 200408-15 ] Tomcat: Insecure installation |
|
|
Gentoo Linux Security Advisory
Title: Tomcat: Insecure installation (GLSA 200408-15)
Severity: normal
Exploitable: local
Date: August 15, 2004
Updated: May 22, 2006
Bug(s): #59232
ID: 200408-15
Synopsis
Improper file ownership may allow a member of the tomcat group to execute scripts as root.
Background
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.
Affected Packages
Package: www-servers/tomcat
Vulnerable: < 5.0.27-r3
Unaffected: >= 5.0.27-r3
Unaffected: >= 4.1.30-r4 < 4.1.31
Unaffected: >= 3.3.2-r2 < 3.3.3
Architectures: All supported architectures
Description
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
Impact
This could lead to a local privilege escalation or root compromise by authenticated users.
Workaround
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root: Code: | # chown -R root:root /etc/init.d/tomcat*
# chown -R root:root /etc/conf.d/tomcat* |
Resolution
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround: Code: | # emerge sync
# emerge -pv ">=www-servers/tomcat-5.0.27-r3"
# emerge ">=www-servers/tomcat-5.0.27-r3" |
References
CVE-2004-1452
Last edited by GLSA on Sat Jun 21, 2008 4:16 am; edited 6 times in total |
|