Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Gentoo: 200306-01 Moderate: Tomcat Insecure Directory Access Exploit

gentoo
Calendar Grey June 2, 2003
Dist Gentoo Esm H88
Gentoo advisory warns of security vulnerabilities in tomcat related to improper file permissions that may enable unauthorized access. Immediate upgrade is advised.
Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01


Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
SOLUTION
Either upgrade to tomcat-4.1.24-r1 by running
emerge sync emerge tomcat emerge clean
or execute the following:
/etc/init.d/tomcat stop chmod -R 750 /opt/tomcat/ /etc/init.d/tomcat start
aliz@gentoo.org - GnuPG key is available at absinthe@gentoo.org

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
important
Lowest
Low
Medium
High
Critical

PACKAGE : tomcat
SUMMARY : insecure directory mode
DATE : 2003-06-01 12:08 UTC
EXPLOIT : local
VERSIONS AFFECTED : =tomcat-4.1.24-r1
CVE :

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround