Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1452

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-1452
Last Modified 05 Sep 2008 04:41:25
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1452

Summary

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

Vulnerable Systems

Operating System

  • Gentoo Linux 0.5

  • Gentoo Linux 0.7

  • Gentoo Linux 1.1a

  • Gentoo Linux 1.2

  • Gentoo Linux 1.4


References

BID - 10951

GENTOO - GLSA-200408-15

SECUNIA - 12296

XF - gentoo-tomcat-gain-privileges(16993)


Last Updated: 27 May 2016 10:39:02