Gentoo FoundationGLSA-200408-15Tomcat: Insecure installation
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
Background
Tomcat is the Apache Jakarta Project’s official implementation of Java Servlets and Java Server Pages.
Description
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
Impact
This could lead to a local privilege escalation or root compromise by authenticated users.
Workaround
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat* # chown -R root:root /etc/conf.d/tomcat*
Resolution
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
# emerge sync
# emerge -pv ">=www-servers/tomcat-5.0.27-r3"
# emerge ">=www-servers/tomcat-5.0.27-r3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | www-servers/tomcat | < 5.0.27-r3 | UNKNOWN |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%