CVE-2011-2729
First published: Fri Aug 12 2011(Updated: )
A bug in the capabilities code of tomcat5 [1] and tomcat6 [1] was identified in jsvc (the service wrapper for Linux that is part of the Commons Daemon project). jsvc would not drop capabilities, allowing the application to access files and directories owned by the superuser. The vulnerability only occurred when the following conditions were true: * Tomcat is running on Linux * jsvc is compiled with libcap * -user parameter is used This affects Tomcat 6.0.30-6.0.32 and is fixed in r1153824 [3] and Tomcat 5.5.32-5.5.33, a proposed patch is available [4], however all these do is update the build files to use the latest Apache Commons Daemon. The real flaw is in the Apache Commons Daemon, and is fixed in upstream 1.0.7 [5]. According to the bug report [6] Commons Daemon 1.0.3-1.0.6 are affected and it is fixed in r11152701 [7]. [1] <a href="http://tomcat.apache.org/security-5.html">http://tomcat.apache.org/security-5.html</a> [2] <a href="http://tomcat.apache.org/security-6.html">http://tomcat.apache.org/security-6.html</a> [3] <a href="http://svn.apache.org/viewvc?view=revision&revision=1153824">http://svn.apache.org/viewvc?view=revision&revision=1153824</a> [4] <a href="http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch">http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch</a> [5] <a href="http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E">http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E</a> [6] <a href="https://issues.apache.org/jira/browse/DAEMON-214">https://issues.apache.org/jira/browse/DAEMON-214</a> [7] <a href="http://svn.apache.org/viewvc?view=revision&revision=1152701">http://svn.apache.org/viewvc?view=revision&revision=1152701</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Apache Commons Daemon | =1.0.3 | |
| Apache Apache Commons Daemon | =1.0.4 | |
| Apache Apache Commons Daemon | =1.0.5 | |
| Apache Apache Commons Daemon | =1.0.6 | |
| Apache Tomcat | =5.5.32 | |
| Apache Tomcat | =5.5.33 | |
| Linux Linux kernel | ||
| Apache Tomcat | =6.0.30 | |
| Apache Tomcat | =6.0.31 | |
| Apache Tomcat | =6.0.32 | |
| Apache Apache Commons Daemon | =1.0.3 | |
| Apache Apache Commons Daemon | =1.0.4 | |
| Apache Apache Commons Daemon | =1.0.5 | |
| Apache Apache Commons Daemon | =1.0.6 | |
| Apache Tomcat | =7.0.0 | |
| Apache Tomcat | =7.0.0-beta | |
| Apache Tomcat | =7.0.1 | |
| Apache Tomcat | =7.0.2 | |
| Apache Tomcat | =7.0.3 | |
| Apache Tomcat | =7.0.4 | |
| Apache Tomcat | =7.0.5 | |
| Apache Tomcat | =7.0.6 | |
| Apache Tomcat | =7.0.7 | |
| Apache Tomcat | =7.0.8 | |
| Apache Tomcat | =7.0.9 | |
| Apache Tomcat | =7.0.10 | |
| Apache Tomcat | =7.0.11 | |
| Apache Tomcat | =7.0.12 | |
| Apache Tomcat | =7.0.13 | |
| Apache Tomcat | =7.0.14 | |
| Apache Tomcat | =7.0.16 | |
| Apache Tomcat | =7.0.17 | |
| Apache Tomcat | =7.0.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tomcat.apache.org/security-7.html
- https://issues.apache.org/jira/browse/DAEMON-214
- http://tomcat.apache.org/security-5.html
- https://bugzilla.redhat.com/show_bug.cgi?id=730400
- http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
- http://svn.apache.org/viewvc?view=revision&revision=1153379
- http://tomcat.apache.org/security-6.html
- http://svn.apache.org/viewvc?view=revision&revision=1152701
- http://www.securityfocus.com/bid/49143
- http://securitytracker.com/id?1025925
- http://svn.apache.org/viewvc?view=revision&revision=1153824
- http://www.redhat.com/support/errata/RHSA-2011-1291.html
- http://secunia.com/advisories/46030
- http://www.redhat.com/support/errata/RHSA-2011-1292.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
- http://www.securityfocus.com/archive/1/519263/100/0/threaded
- http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
- http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E
- http://koji.fedoraproject.org/koji/buildinfo?buildID=258637
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730825
- https://rhn.redhat.com/errata/RHSA-2011-1292.html
- https://rhn.redhat.com/errata/RHSA-2011-1291.html
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2729
- vendor/apache
- canonical/apache apache commons daemon
- version/apache apache commons daemon/1.0.3
- version/apache apache commons daemon/1.0.4
- version/apache apache commons daemon/1.0.5
- version/apache apache commons daemon/1.0.6
- canonical/apache tomcat
- version/apache tomcat/5.5.32
- version/apache tomcat/5.5.33
- vendor/linux
- canonical/linux linux kernel
- version/apache tomcat/6.0.30
- version/apache tomcat/6.0.31
- version/apache tomcat/6.0.32
- version/apache tomcat/7.0.0
- version/apache tomcat/7.0.0-beta
- version/apache tomcat/7.0.1
- version/apache tomcat/7.0.2
- version/apache tomcat/7.0.3
- version/apache tomcat/7.0.4
- version/apache tomcat/7.0.5
- version/apache tomcat/7.0.6
- version/apache tomcat/7.0.7
- version/apache tomcat/7.0.8
- version/apache tomcat/7.0.9
- version/apache tomcat/7.0.10
- version/apache tomcat/7.0.11
- version/apache tomcat/7.0.12
- version/apache tomcat/7.0.13
- version/apache tomcat/7.0.14
- version/apache tomcat/7.0.16
- version/apache tomcat/7.0.17
- version/apache tomcat/7.0.19