What Are You Looking For?

Sign Up

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01
- - - ---------------------------------------------------------------------

          PACKAGE : tomcat
          SUMMARY : insecure directory mode
             DATE : 2003-06-01 12:08 UTC
          EXPLOIT : local
VERSIONS AFFECTED : =tomcat-4.1.24-r1
              CVE : 

- - - ---------------------------------------------------------------------

Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory
mode which allowed users to access files containing passwords.

SOLUTION

Either upgrade to tomcat-4.1.24-r1 by running

emerge sync
emerge tomcat
emerge clean

or execute the following:

/etc/init.d/tomcat stop
chmod -R 750 /opt/tomcat/
/etc/init.d/tomcat start

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
absinthe@gentoo.org
- - - ---------------------------------------------------------------------

Gentoo: tomcat file access vulnerability

Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01


Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory
mode which allowed users to access files containing passwords.

SOLUTION

Either upgrade to tomcat-4.1.24-r1 by running

emerge sync
emerge tomcat
emerge clean

or execute the following:

/etc/init.d/tomcat stop
chmod -R 750 /opt/tomcat/
/etc/init.d/tomcat start

aliz@gentoo.org - GnuPG key is available at   
absinthe@gentoo.org

Resolution

References

Availability

Concerns

Severity
PACKAGE : tomcat
SUMMARY : insecure directory mode
DATE : 2003-06-01 12:08 UTC
EXPLOIT : local
VERSIONS AFFECTED : =tomcat-4.1.24-r1
CVE :

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Tails 5.20 Brings Latest Tor Browser, Ditches AdGuard Filter List

Nov 29, 2023

Linux Is Getting Its Own Blue Screen of Death with a New systemd Update

Dec 8, 2023

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo