[Bug 1376712] New: CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
3:38 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Bug ID: 1376712
Summary: CVE-2016-1240 tomcat: Local privilege escalation via
unsafe file handling in the Tomcat init script
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: alee(a)redhat.com, aszczucz(a)redhat.com,
bbaranow(a)redhat.com, bdawidow(a)redhat.com,
bgollahe(a)redhat.com, bmaxwell(a)redhat.com,
ccoleman(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
dedgar(a)redhat.com, dmcphers(a)redhat.com,
dosoudil(a)redhat.com, epp-bugs(a)redhat.com,
felias(a)redhat.com, fnasser(a)redhat.com,
hchiorea(a)redhat.com, hfnukal(a)redhat.com,
hhorak(a)redhat.com, ivan.afonichev(a)gmail.com,
jason.greene(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jboss-set(a)redhat.com,
jclere(a)redhat.com, jcoleman(a)redhat.com,
jdg-bugs(a)redhat.com, jdoyle(a)redhat.com,
jgoulding(a)redhat.com, jialiu(a)redhat.com,
joelsmith(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jorton(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
kanderso(a)redhat.com, krzysztof.daniel(a)gmail.com,
lgao(a)redhat.com, lmeyer(a)redhat.com,
mbabacek(a)redhat.com, mbaluch(a)redhat.com,
me(a)coolsvap.net, miburman(a)redhat.com,
mizdebsk(a)redhat.com, mmccomas(a)redhat.com,
mnewsome(a)redhat.com, mweiler(a)redhat.com,
myarboro(a)redhat.com, nwallace(a)redhat.com,
ohudlick(a)redhat.com, pavelp(a)redhat.com,
pgier(a)redhat.com, psakar(a)redhat.com,
pslavice(a)redhat.com, rnetuka(a)redhat.com,
rsvoboda(a)redhat.com, rzima(a)redhat.com,
spinder(a)redhat.com, theute(a)redhat.com,
trick(a)vanstaveren.us, ttarrant(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com
It was reported that the Tomcat init script performed unsafe file handling,
which could result in local privilege escalation.
References:
http://seclists.org/bugtraq/2016/Sep/26
--
You are receiving this mail because:
You are on the CC list for the bug.
3:39 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1362547
--
You are receiving this mail because:
You are on the CC list for the bug.
3:42 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #1 from Tomas Hoger <thoger(a)redhat.com> ---
Debian advisories for tomcat7 and tomcat8 for this CVE:
https://www.debian.org/security/2016/dsa-3669
https://www.debian.org/security/2016/dsa-3670
--
You are receiving this mail because:
You are on the CC list for the bug.
3:43 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #2 from Tomas Hoger <thoger(a)redhat.com> ---
Created attachment 1201569
--> https://bugzilla.redhat.com/attachment.cgi?id=1201569&action=edit
Debian patch for tomcat7
--
You are receiving this mail because:
You are on the CC list for the bug.
3:44 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #3 from Tomas Hoger <thoger(a)redhat.com> ---
Created attachment 1201570
--> https://bugzilla.redhat.com/attachment.cgi?id=1201570&action=edit
Debian patch for tomcat8
--
You are receiving this mail because:
You are on the CC list for the bug.
3:46 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1376716
--- Comment #4 from Andrej Nemec <anemec(a)redhat.com> ---
Created tomcat tracking bugs for this issue:
Affects: fedora-all [bug 1376716]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1376716
[Bug 1376716] CVE-2016-1240 tomcat: Local privilege escalation via unsafe
file handling in the Tomcat init script [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
3:47 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=new, |CWE-284,rhel-5/tomcat5=new,
|rhel-6/tomcat6=new,rhel-7/t |rhel-6/tomcat6=new,rhel-7/t
|omcat=new,fedora-all/tomcat |omcat=new,fedora-all/tomcat
|=affected,epel-6/tomcat=new |=affected,epel-6/tomcat=aff
|,dts-3.1/devtoolset-3-tomca |ected,dts-3.1/devtoolset-3-
|t=new,rhscl-2/rh-java-commo |tomcat=new,rhscl-2/rh-java-
|n-tomcat=new,jbews-2/tomcat |common-tomcat=new,jbews-2/t
|6=new,jbews-2/tomcat7=new,j |omcat6=new,jbews-2/tomcat7=
|bews-3/tomcat6=new,jbews-3/ |new,jbews-3/tomcat6=new,jbe
|tomcat7=new,eap-6/tomcat7=n |ws-3/tomcat7=new,eap-6/tomc
|ew,eap-6/jbossweb=new,eap-7 |at7=new,eap-6/jbossweb=new,
|/Scripts=new,jdg-6/jbossweb |eap-7/Scripts=new,jdg-6/jbo
|=new,jdv-6/jbossweb=new,jon |ssweb=new,jdv-6/jbossweb=ne
|-3/jbossweb=new,jpp-6/jboss |w,jon-3/jbossweb=new,jpp-6/
|web=new,openshift-1/jbosswe |jbossweb=new,openshift-1/jb
|b=new |ossweb=new
--
You are receiving this mail because:
You are on the CC list for the bug.
3:48 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1376718
--- Comment #5 from Andrej Nemec <anemec(a)redhat.com> ---
Created tomcat tracking bugs for this issue:
Affects: epel-6 [bug 1376718]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1376718
[Bug 1376718] CVE-2016-1240 tomcat: Local privilege escalation via unsafe
file handling in the Tomcat init script [epel-6]
--
You are receiving this mail because:
You are on the CC list for the bug.
4 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #6 from Tomas Hoger <thoger(a)redhat.com> ---
This is the flaw description in the Debian packages changelog:
* Fix CVE-2016-1240:
tomcat7.init: Protect /var/log/tomcat7/catalina.out against symlink
attacks and a possible root privilege escalation.
Their init script used to chown catalina.out. Brief look at initscripts for
tomcat6 in Red Hat Enterprise Linux 6 and tomcat5 in Red Hat Enterprise Linux 5
suggest those scripts don't do any similar ownership change. chown is only
used to set owner of catalina.pid, created in /var/run/, which is not writeable
to the tomcat user.
--
You are receiving this mail because:
You are on the CC list for the bug.
9:48 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=new, |CWE-284,rhel-5/tomcat5=nota
|rhel-6/tomcat6=new,rhel-7/t |ffected,rhel-6/tomcat6=nota
|omcat=new,fedora-all/tomcat |ffected,rhel-7/tomcat=notaf
|=affected,epel-6/tomcat=aff |fected,fedora-all/tomcat=no
|ected,dts-3.1/devtoolset-3- |taffected,epel-6/tomcat=aff
|tomcat=new,rhscl-2/rh-java- |ected,dts-3.1/devtoolset-3-
|common-tomcat=new,jbews-2/t |tomcat=notaffected,rhscl-2/
|omcat6=new,jbews-2/tomcat7= |rh-java-common-tomcat=notaf
|new,jbews-3/tomcat6=new,jbe |fected,jbews-2/tomcat6=new,
|ws-3/tomcat7=new,eap-6/tomc |jbews-2/tomcat7=new,jbews-3
|at7=new,eap-6/jbossweb=new, |/tomcat6=new,jbews-3/tomcat
|eap-7/Scripts=new,jdg-6/jbo |7=new,eap-6/tomcat7=new,eap
|ssweb=new,jdv-6/jbossweb=ne |-6/jbossweb=new,eap-7/Scrip
|w,jon-3/jbossweb=new,jpp-6/ |ts=new,jdg-6/jbossweb=new,j
|jbossweb=new,openshift-1/jb |dv-6/jbossweb=new,jon-3/jbo
|ossweb=new |ssweb=new,jpp-6/jbossweb=ne
| |w,openshift-1/jbossweb=new
--- Comment #7 from Tomas Hoger <thoger(a)redhat.com> ---
As noted above, Tomcat init scripts in Red Hat Enterprise Linux 5 and 6 do not
attempt to chown catalina.out in a directory writeable to the tomcat user.
Tomcat packages in Red Hat Enterprise Linux 7 do not use init script, but use
systemd service unit file. There are no ownership changed done on Tomcat
startup, and any start/stop actions for Tomcat on Red Hat Enterprise Linux 7
are executed directly under tomcat user and group and not with root privileges.
Hence Tomcat in Red Hat Enterprise Linux 7 is also unaffected.
Note that EPEL-6 tomcat packages are affected by this problem.
--
You are receiving this mail because:
You are on the CC list for the bug.
9:49 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2016-1240 tomcat: Local |CVE-2016-1240 tomcat:
|privilege escalation via |unsafe chown of
|unsafe file handling in the |catalina.log in tomcat init
|Tomcat init script |script allows privilege
| |escalation
--
You are receiving this mail because:
You are on the CC list for the bug.
9:54 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Bug 1376712 depends on bug 1376716, which changed state.
Bug 1376716 Summary: CVE-2016-1240 tomcat: Local privilege escalation via unsafe file
handling in the Tomcat init script [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1376716
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
--
You are receiving this mail because:
You are on the CC list for the bug.
12:55 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=new, |fected,jbews-2/tomcat6=new,
|jbews-2/tomcat7=new,jbews-3 |jbews-2/tomcat7=new,jbews-3
|/tomcat6=new,jbews-3/tomcat |/tomcat7=new,jbews-3/tomcat
|7=new,eap-6/tomcat7=new,eap |8=new,jws-3/tomcat7=new,jws
|-6/jbossweb=new,eap-7/Scrip |-3/tomcat8=new,eap-6/jbossw
|ts=new,jdg-6/jbossweb=new,j |eb=new,eap-7/Scripts=new,jd
|dv-6/jbossweb=new,jon-3/jbo |g-6/jbossweb=new,jdv-6/jbos
|ssweb=new,jpp-6/jbossweb=ne |sweb=new,jon-3/jbossweb=new
|w,openshift-1/jbossweb=new |,jpp-6/jbossweb=new,openshi
| |ft-1/jbossweb=new
--
You are receiving this mail because:
You are on the CC list for the bug.
1:24 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=new, |fected,jbews-2/tomcat6=new,
|jbews-2/tomcat7=new,jbews-3 |jbews-2/tomcat7=new,jbews-3
|/tomcat7=new,jbews-3/tomcat |/tomcat7=affected,jbews-3/t
|8=new,jws-3/tomcat7=new,jws |omcat8=affected,jws-3/tomca
|-3/tomcat8=new,eap-6/jbossw |t7=affected,jws-3/tomcat8=a
|eb=new,eap-7/Scripts=new,jd |ffected,eap-6/jbossweb=new,
|g-6/jbossweb=new,jdv-6/jbos |eap-7/Scripts=new,jdg-6/jbo
|sweb=new,jon-3/jbossweb=new |ssweb=new,jdv-6/jbossweb=ne
|,jpp-6/jbossweb=new,openshi |w,jon-3/jbossweb=new,jpp-6/
|ft-1/jbossweb=new |jbossweb=new,openshift-1/jb
| |ossweb=new
--
You are receiving this mail because:
You are on the CC list for the bug.
3:55 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #12 from Tomas Hoger <thoger(a)redhat.com> ---
Reporter's advisory has now been published.
External References:
http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalati...
--
You are receiving this mail because:
You are on the CC list for the bug.
1:47 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Bug 1376712 depends on bug 1376718, which changed state.
Bug 1376718 Summary: CVE-2016-1240 tomcat: Local privilege escalation via unsafe file
handling in the Tomcat init script [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1376718
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
12:26 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gzaronik(a)redhat.com,
| |hchiorea(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=new, |fected,jbews-2/tomcat6=new,
|jbews-2/tomcat7=new,jbews-3 |jbews-2/tomcat7=new,jbews-3
|/tomcat7=affected,jbews-3/t |/tomcat7=defer,jbews-3/tomc
|omcat8=affected,jws-3/tomca |at8=defer,jws-3/tomcat7=aff
|t7=affected,jws-3/tomcat8=a |ected,jws-3/tomcat8=affecte
|ffected,eap-6/jbossweb=new, |d,eap-6/jbossweb=new,eap-7/
|eap-7/Scripts=new,jdg-6/jbo |Scripts=new,jdg-6/jbossweb=
|ssweb=new,jdv-6/jbossweb=ne |new,jdv-6/jbossweb=new,jon-
|w,jon-3/jbossweb=new,jpp-6/ |3/jbossweb=new,jpp-6/jbossw
|jbossweb=new,openshift-1/jb |eb=new,openshift-1/jbossweb
|ossweb=new |=new
--
You are receiving this mail because:
You are on the CC list for the bug.
7:21 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=new, |fected,jbews-2/tomcat6=wont
|jbews-2/tomcat7=new,jbews-3 |fix,jbews-2/tomcat7=wontfix
|/tomcat7=defer,jbews-3/tomc |,jbews-3/tomcat7=defer,jbew
|at8=defer,jws-3/tomcat7=aff |s-3/tomcat8=defer,jws-3/tom
|ected,jws-3/tomcat8=affecte |cat7=affected,jws-3/tomcat8
|d,eap-6/jbossweb=new,eap-7/ |=affected,eap-6/jbossweb=ne
|Scripts=new,jdg-6/jbossweb= |w,eap-7/Scripts=new,jdg-6/j
|new,jdv-6/jbossweb=new,jon- |bossweb=new,jdv-6/jbossweb=
|3/jbossweb=new,jpp-6/jbossw |new,jon-3/jbossweb=new,jpp-
|eb=new,openshift-1/jbossweb |6/jbossweb=new,openshift-1/
|=new |jbossweb=new
--
You are receiving this mail because:
You are on the CC list for the bug.
5:22 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1428325
--
You are receiving this mail because:
You are on the CC list for the bug.
12:02 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Doc Text *updated* by Timothy Walsh <twalsh(a)redhat.com> ---
It was reported that the Tomcat init script performed unsafe file handling, which could
result in local privilege escalation.
--
You are receiving this mail because:
You are on the CC list for the bug.
1:07 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #13 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Via RHSA-2017:0457 https://rhn.redhat.com/errata/RHSA-2017-0457.html
--
You are receiving this mail because:
You are on the CC list for the bug.
1:12 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #14 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Web Server 3 for RHEL 7
Via RHSA-2017:0456 https://access.redhat.com/errata/RHSA-2017:0456
--
You are receiving this mail because:
You are on the CC list for the bug.
1:16 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
--- Comment #15 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Web Server 3 for RHEL 6
Via RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0455
--
You are receiving this mail because:
You are on the CC list for the bug.
7:37 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Kurt Seifried <kseifried(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=ne |=affected,eap-6/jbossweb=ne
|w,eap-7/Scripts=new,jdg-6/j |w,eap-7/Scripts=new,jdg-6/j
|bossweb=new,jdv-6/jbossweb= |bossweb=new,jdv-6/jbossweb=
|new,jon-3/jbossweb=new,jpp- |new,jon-3/jbossweb=new,jpp-
|6/jbossweb=new,openshift-1/ |6/jbossweb=new,openshift-1/
|jbossweb=new |jbossweb=defer
--
You are receiving this mail because:
You are on the CC list for the bug.
7:41 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Kurt Seifried <kseifried(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=ne |=affected,eap-6/jbossweb=ne
|w,eap-7/Scripts=new,jdg-6/j |w,eap-7/Scripts=new,jdg-6/j
|bossweb=new,jdv-6/jbossweb= |bossweb=new,jdv-6/jbossweb=
|new,jon-3/jbossweb=new,jpp- |new,jon-3/jbossweb=new,jpp-
|6/jbossweb=new,openshift-1/ |6/jbossweb=new,openshift-1/
|jbossweb=defer |jbossweb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
9:06 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Kurt Seifried <kseifried(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1470472
--- Comment #16 from Kurt Seifried <kseifried(a)redhat.com> ---
Created jbossweb tracking bugs for this issue:
Affects: openshift-1 [bug 1470472]
--
You are receiving this mail because:
You are on the CC list for the bug.
7:31 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Jason Shepherd <jshepherd(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |loleary(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=ne |=affected,eap-6/jbossweb=ne
|w,eap-7/Scripts=new,jdg-6/j |w,eap-7/Scripts=new,jdg-6/j
|bossweb=new,jdv-6/jbossweb= |bossweb=new,jdv-6/jbossweb=
|new,jon-3/jbossweb=new,jpp- |new,jon-3/jbossweb=notaffec
|6/jbossweb=new,openshift-1/ |ted,jpp-6/jbossweb=new,open
|jbossweb=affected |shift-1/jbossweb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
11:29 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Timothy Walsh <twalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apintea(a)redhat.com,
| |bkundal(a)redhat.com,
| |dimitris(a)redhat.com,
| |fgavrilo(a)redhat.com,
| |jondruse(a)redhat.com,
| |pjurak(a)redhat.com,
| |ppalaga(a)redhat.com,
| |psotirop(a)redhat.com,
| |rstancel(a)redhat.com,
| |sstavrev(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=ne |=affected,eap-6/jbossweb=no
|w,eap-7/Scripts=new,jdg-6/j |taffected,eap-7/Scripts=not
|bossweb=new,jdv-6/jbossweb= |affected,jdg-6/jbossweb=new
|new,jon-3/jbossweb=notaffec |,jdv-6/jbossweb=new,jon-3/j
|ted,jpp-6/jbossweb=new,open |bossweb=notaffected,jpp-6/j
|shift-1/jbossweb=affected |bossweb=new,openshift-1/jbo
| |ssweb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
7:05 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Pavel Polischouk <pavelp(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=no |=affected,eap-6/jbossweb=no
|taffected,eap-7/Scripts=not |taffected,eap-7/Scripts=not
|affected,jdg-6/jbossweb=new |affected,jdg-6/jbossweb=new
|,jdv-6/jbossweb=new,jon-3/j |,jdv-6/jbossweb=notaffected
|bossweb=notaffected,jpp-6/j |,jon-3/jbossweb=notaffected
|bossweb=new,openshift-1/jbo |,jpp-6/jbossweb=new,openshi
|ssweb=affected |ft-1/jbossweb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
3:04 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160915,sou |60915,reported=20160914,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=no |=affected,eap-6/jbossweb=no
|taffected,eap-7/Scripts=not |taffected,eap-7/Scripts=not
|affected,jdg-6/jbossweb=new |affected,jdg-6/jbossweb=not
|,jdv-6/jbossweb=notaffected |affected,jdv-6/jbossweb=not
|,jon-3/jbossweb=notaffected |affected,jon-3/jbossweb=not
|,jpp-6/jbossweb=new,openshi |affected,jpp-6/jbossweb=aff
|ft-1/jbossweb=affected |ected,openshift-1/jbossweb=
| |affected
--
You are receiving this mail because:
You are on the CC list for the bug.
3:37 p.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160914,sou |60915,reported=20160913,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=no |=affected,eap-6/jbossweb=no
|taffected,eap-7/Scripts=not |taffected,eap-7/Scripts=not
|affected,jdg-6/jbossweb=not |affected,jdg-6/jbossweb=not
|affected,jdv-6/jbossweb=not |affected,jdv-6/jbossweb=not
|affected,jon-3/jbossweb=not |affected,jon-3/jbossweb=not
|affected,jpp-6/jbossweb=aff |affected,jpp-6/jbossweb=not
|ected,openshift-1/jbossweb= |affected,openshift-1/jbossw
|affected |eb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
4:32 a.m.
New subject: [Bug 1376712] CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Viliam Križan <vkrizan(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|60915,reported=20160913,sou |60915,reported=20160915,sou
|rce=bugtraq,cvss2=6.9/AV:L/ |rce=bugtraq,cvss2=6.9/AV:L/
|AC:M/Au:N/C:C/I:C/A:C,cvss3 |AC:M/Au:N/C:C/I:C/A:C,cvss3
|=7.0/CVSS:3.0/AV:L/AC:H/PR: |=7.0/CVSS:3.0/AV:L/AC:H/PR:
|L/UI:N/S:U/C:H/I:H/A:H,cwe= |L/UI:N/S:U/C:H/I:H/A:H,cwe=
|CWE-284,rhel-5/tomcat5=nota |CWE-284,rhel-5/tomcat5=nota
|ffected,rhel-6/tomcat6=nota |ffected,rhel-6/tomcat6=nota
|ffected,rhel-7/tomcat=notaf |ffected,rhel-7/tomcat=notaf
|fected,fedora-all/tomcat=no |fected,fedora-all/tomcat=no
|taffected,epel-6/tomcat=aff |taffected,epel-6/tomcat=aff
|ected,dts-3.1/devtoolset-3- |ected,dts-3.1/devtoolset-3-
|tomcat=notaffected,rhscl-2/ |tomcat=notaffected,rhscl-2/
|rh-java-common-tomcat=notaf |rh-java-common-tomcat=notaf
|fected,jbews-2/tomcat6=wont |fected,jbews-2/tomcat6=wont
|fix,jbews-2/tomcat7=wontfix |fix,jbews-2/tomcat7=wontfix
|,jbews-3/tomcat7=defer,jbew |,jbews-3/tomcat7=defer,jbew
|s-3/tomcat8=defer,jws-3/tom |s-3/tomcat8=defer,jws-3/tom
|cat7=affected,jws-3/tomcat8 |cat7=affected,jws-3/tomcat8
|=affected,eap-6/jbossweb=no |=affected,eap-6/jbossweb=no
|taffected,eap-7/Scripts=not |taffected,eap-7/Scripts=not
|affected,jdg-6/jbossweb=not |affected,jdg-6/jbossweb=not
|affected,jdv-6/jbossweb=not |affected,jdv-6/jbossweb=not
|affected,jon-3/jbossweb=not |affected,jon-3/jbossweb=not
|affected,jpp-6/jbossweb=not |affected,jpp-6/jbossweb=not
|affected,openshift-1/jbossw |affected,openshift-1/jbossw
|eb=affected |eb=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
2267
days inactive
2781
days old
java-sig-commits@lists.fedoraproject.org
31 comments
2 participants
participants (2)
-
bugzilla@redhat.com -
Red Hat Bugzilla