Gentoo: 200306-01 Moderate: Tomcat Insecure Directory Access Exploit
gentoo
June 2, 2003
Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
Summary
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01
Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
SOLUTION
Either upgrade to tomcat-4.1.24-r1 by running
emerge sync emerge tomcat emerge clean
or execute the following:
/etc/init.d/tomcat stop chmod -R 750 /opt/tomcat/ /etc/init.d/tomcat start
aliz@gentoo.org - GnuPG key is available at absinthe@gentoo.org
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
PACKAGE : tomcat
SUMMARY : insecure directory mode
DATE : 2003-06-01 12:08 UTC
EXPLOIT : local
VERSIONS AFFECTED : =tomcat-4.1.24-r1
CVE :
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!