Improper file ownership may allow a member of the tomcat group to execute scripts as root.
|Package||www-servers/tomcat on all architectures|
|Affected versions||< 5.0.27-r3|
|Unaffected versions||>= 5.0.27-r3
revision >= 4.1.30-r4
revision >= 3.3.2-r2
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.
This could lead to a local privilege escalation or root compromise by authenticated users.
Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat* # chown -R root:root /etc/conf.d/tomcat*
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:
# emerge sync # emerge -pv ">=www-servers/tomcat-5.0.27-r3" # emerge ">=www-servers/tomcat-5.0.27-r3"
August 15, 2004
May 22, 2006: 04