[tomcat7] 01/01: Fixed CVE-2016-1240: Local Root Privilege Escalation

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Thu Sep 15 18:52:32 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository tomcat7.

commit 874630cbb0714b52c5ea5ceac35389ff50d4a298
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Wed Sep 14 10:56:57 2016 +0200

    Fixed CVE-2016-1240: Local Root Privilege Escalation
---
 debian/changelog    | 12 ++++++++++++
 debian/tomcat7.init |  6 ++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index cc6ae81..8e73c1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+tomcat7 (7.0.70-3) unstable; urgency=high
+
+  * Team upload.
+  * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local
+    attackers who have gained access to the server in the context of the
+    tomcat user through a vulnerability in a web application to replace
+    the catalina.out file with a symlink to an arbitrary file on the system,
+    potentially leading to a root privilege escalation.
+    Thanks to Dawid Golunski for the report.
+
+ -- Emmanuel Bourg <ebourg at apache.org>  Wed, 14 Sep 2016 10:56:45 +0200
+
 tomcat7 (7.0.70-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/tomcat7.init b/debian/tomcat7.init
index b2c33f4..b21ee58 100644
--- a/debian/tomcat7.init
+++ b/debian/tomcat7.init
@@ -170,8 +170,10 @@ catalina_sh() {
 
 	# Run the catalina.sh script as a daemon
 	set +e
-	touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
-	chown $TOMCAT7_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+	if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then
+		install -o $TOMCAT7_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out
+	fi
+	install -o $TOMCAT7_USER -g adm -m 644 /dev/null "$CATALINA_PID"
 	start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" \
 		-c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
 		-x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git

More information about the pkg-java-commits mailing list