[tomcat7] 01/01: Fixed CVE-2016-1240: Local Root Privilege Escalation
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Thu Sep 15 18:52:32 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch master
in repository tomcat7.
commit 874630cbb0714b52c5ea5ceac35389ff50d4a298
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Wed Sep 14 10:56:57 2016 +0200
Fixed CVE-2016-1240: Local Root Privilege Escalation
---
debian/changelog | 12 ++++++++++++
debian/tomcat7.init | 6 ++++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cc6ae81..8e73c1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+tomcat7 (7.0.70-3) unstable; urgency=high
+
+ * Team upload.
+ * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local
+ attackers who have gained access to the server in the context of the
+ tomcat user through a vulnerability in a web application to replace
+ the catalina.out file with a symlink to an arbitrary file on the system,
+ potentially leading to a root privilege escalation.
+ Thanks to Dawid Golunski for the report.
+
+ -- Emmanuel Bourg <ebourg at apache.org> Wed, 14 Sep 2016 10:56:45 +0200
+
tomcat7 (7.0.70-2) unstable; urgency=medium
* Team upload.
diff --git a/debian/tomcat7.init b/debian/tomcat7.init
index b2c33f4..b21ee58 100644
--- a/debian/tomcat7.init
+++ b/debian/tomcat7.init
@@ -170,8 +170,10 @@ catalina_sh() {
# Run the catalina.sh script as a daemon
set +e
- touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
- chown $TOMCAT7_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+ if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then
+ install -o $TOMCAT7_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out
+ fi
+ install -o $TOMCAT7_USER -g adm -m 644 /dev/null "$CATALINA_PID"
start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" \
-c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
-x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list