Tomcat: Insecure installation

Tomcat: Insecure installation Improper file ownership may allow a member of the tomcat group to execute scripts as root. tomcat 2004-08-15 2006-05-22 59232 local 5.0.27-r3 4.1.30-r4 3.3.2-r2 5.0.27-r3

Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.

The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.

This could lead to a local privilege escalation or root compromise by authenticated users.

Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:


    # chown -R root:root /etc/init.d/tomcat*
    # chown -R root:root /etc/conf.d/tomcat*

All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:


    # emerge sync
    # emerge -pv ">=www-servers/tomcat-5.0.27-r3"
    # emerge ">=www-servers/tomcat-5.0.27-r3"

CVE-2004-1452 dmargoli