CVE-2004-1452

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml	Patch
http://www.securityfocus.com/bid/10951	Patch
http://secunia.com/advisories/12296/	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16993

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:gentoo:linux:1.1a:::::::*
	cpe:2.3:o:gentoo:linux:1.2:::::::*
	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:gentoo:linux:1.4:rc1::::::
	cpe:2.3:o:gentoo:linux:1.4:rc2::::::
	cpe:2.3:o:gentoo:linux:1.4:rc3::::::
	cpe:2.3:o:gentoo:linux:0.5:::::::*
	cpe:2.3:o:gentoo:linux:0.7:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1452

Mitre link : CVE-2004-1452

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gentoo

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml", "name": "GLSA-200408-15", "tags": ["Patch"], "refsource": "GENTOO"}, {"url": "http://www.securityfocus.com/bid/10951", "name": "10951", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12296/", "name": "12296", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993", "name": "gentoo-tomcat-gain-privileges(16993)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1452", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}