251 matches found
tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation...
Hardcoded credentials
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641...
CVE-2016-10089
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641...
jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...
CVE-2017-3265
Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...
Apache Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
I. VULNERABILITY: Apache Tomcat® packaging on Debian-based distros - Local Root Privilege Escalation. Affected debian packages: Tomcat 8 = 8.0.36-2, Tomcat 7 = 7.0.70-2, Tomcat 6 = 6.0.45+dfsg-1deb8u1. Ubuntu systems are also affected. See section VII. for details. Other...
Design/Logic Flaw
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu...
CVE-2016-1240
This CVE (CVE-2016-1240) affects the Tomcat init scripts in Debian/Ubuntu packages, allowing local users with Tomcat access to gain root via a symlink attack on the Catalina log file (e.g., /var/log/tomcat7/catalina.out). Affected packages and versions include: tomcat7 before 7.0.56-3+deb8u4 and ...
Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High. I. VULNERABILITY...
Apache Tomcat on Debian-Based Distros - Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits. Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...
CVE-2016-1240
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation...
CVE-2016-1240
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu...
iptables-persistent '/etc/iptables' local information disclosure vulnerability
iptables-persistent is an init.d script that keeps iptables rules persistent across restarts. A vulnerability in iptables-persistent allows local attackers to obtain sensitive information...
SUSE-SU-2015:1565-1 Security update for tomcat6
This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. bsc931442 It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to...
Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update
Updated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Updated glusterfs packages fix security vulnerabilities
Updated glusterfs packages fix security vulnerability: glusterfs was vulnerable to a fragment header infinite loop denial of service attack CVE-2014-3619. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for th...
OracleVM 2.2 : ntp (OVMSA-2015-0002)
The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - increase...
OracleVM 2.1 : ntp (OVMSA-2009-0011)
The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0159 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response...