Privilege Escalation in Tomcat on Gentoo Linux
CVE-2004-1452

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-1452?

Tomcat on Gentoo Linux versions prior to 5.0.27-r3 allows local users in the tomcat group to execute arbitrary commands as root due to improperly set default permissions on init scripts. Although the scripts are owned by the tomcat user, they are executed with root privileges, creating a significant security risk if the scripts are modified by users with access to the tomcat group.

References

http://www.securityfocus.com/bid/10951

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/16993

vdb-entryx_refsource_XF

http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004