Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Red Hat: RHSA-2013:0869-01 Important: tomcat6 Privilege Escalation

red hat
Calendar Grey May 28, 2013
Scroller Redhat
Oracle announces a vital WebLogic security patch addressing severe vulnerabilities threatening corporate environments. Upgrade immediately!
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Summary

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976)
Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051)
Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue.
Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2013-1976 https://access.redhat.com/security/cve/CVE-2013-2051 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/errata/RHSA-2013:0623.html

Package List

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
noarch:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2013:0869-01
Product: Red Hat Enterprise Linux
Issue date: 2013-05-28

Topic

Updated tomcat6 packages that fix two security issues are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch

Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch

Red Hat Enterprise Linux Server (v. 6) - noarch

Red Hat Enterprise Linux Server Optional (v. 6) - noarch

Red Hat Enterprise Linux Workstation (v. 6) - noarch

Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

Bugs Fixed

927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

959047 - CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.