Improper file ownership may allow a member of the tomcat group to execute scripts as root.
Package | www-servers/tomcat on all architectures |
---|---|
Affected versions | < 5.0.27-r3 |
Unaffected versions | >= 5.0.27-r3 revision >= 4.1.30-r4 revision >= 3.3.2-r2 |
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
This could lead to a local privilege escalation or root compromise by authenticated users.
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat*
# chown -R root:root /etc/conf.d/tomcat*
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
# emerge sync # emerge -pv ">=www-servers/tomcat-5.0.27-r3" # emerge ">=www-servers/tomcat-5.0.27-r3"
Release date
August 15, 2004
Latest revision
May 22, 2006: 04
Severity
normal
Exploitable
local
Bugzilla entries