1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200408-15 / tomcat |
| Release Date | August 15, 2004 |
| Latest Revision | May 22, 2006: 04 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-servers/tomcat | < 5.0.27-r3 | >= 5.0.27-r3, revision >= 4.1.30-r4, revision >= 3.3.2-r2 | All supported architectures |
Related bugreports: #59232
Improper file ownership may allow a member of the tomcat group to execute scripts as root.
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
This could lead to a local privilege escalation or root compromise by authenticated users.
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
Code Listing 3.1: Workaround |
# chown -R root:root /etc/init.d/tomcat* # chown -R root:root /etc/conf.d/tomcat* |
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
Code Listing 3.2: Resolution |
# emerge sync # emerge -pv ">=www-servers/tomcat-5.0.27-r3" # emerge ">=www-servers/tomcat-5.0.27-r3" |