CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
Tomcat is the Apache Jakarta Project’s official implementation of Java Servlets and Java Server Pages.
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
This could lead to a local privilege escalation or root compromise by authenticated users.
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat* # chown -R root:root /etc/conf.d/tomcat*
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
# emerge sync
# emerge -pv ">=www-servers/tomcat-5.0.27-r3"
# emerge ">=www-servers/tomcat-5.0.27-r3"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-servers/tomcat | < 5.0.27-r3 | UNKNOWN |