New subject: [Bug 1003877] CVE-2016-5425: Root Privilege Escalation: Apache Tomcat packaging on RedHat-based distros

10 Oct 2016

      http://bugzilla.opensuse.org/show_bug.cgi?id=1003877

            Bug ID: 1003877
           Summary: CVE-2016-5425: Root Privilege Escalation: Apache
                    Tomcat packaging on RedHat-based distros
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.1
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: mikhail.kasimov@gmail.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

References:
===========================================================
[1] http://seclists.org/oss-sec/2016/q4/78
[2]
http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-C...
[3] https://access.redhat.com/security/cve/CVE-2016-5425
===========================================================

[1]:
===========================================================
Vulnerability: Apache Tomcat packaging on RedHat-based distros

CVE-2016-5425

Discovered by:
Dawid Golunski (http://legalhackers.com)

Affected systems: Multiple Tomcat packages on RedHat-based systems
including: CentOS,Fedora,OracleLinux,RedHat etc.

Short Description:

Apache Tomcat packages provided by default repositories of RedHat-based
distributions (including CentOS, RedHat, OracleLinux, Fedora,  etc.)
create a tmpfiles.d configuration file with insecure permissions which
allow attackers who are able to write files with tomcat user permissions
(for example, through a vulnerability in web application hosted on Tomcat)
to escalate their privileges from tomcat user to root and fully compromise
the target system.

Full advisory and a working root privilege escalation exploit can be found
at:

http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-C...

BTW. If you are using Tomcat on a Debian-based distro,  you may want
to check out
my previous Tomcat advisory and exploit at:

http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-...

-- 
Regards,
Dawid Golunski
http://legalhackers.com
===========================================================

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1003877] New: CVE-2016-5425: Root Privilege Escalation: Apache Tomcat packaging on RedHat-based distros

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)