CVE-2011-2729
First published: Fri Aug 12 2011(Updated: )
A bug in the capabilities code of tomcat5 [1] and tomcat6 [1] was identified in jsvc (the service wrapper for Linux that is part of the Commons Daemon project). jsvc would not drop capabilities, allowing the application to access files and directories owned by the superuser. The vulnerability only occurred when the following conditions were true: * Tomcat is running on Linux * jsvc is compiled with libcap * -user parameter is used This affects Tomcat 6.0.30-6.0.32 and is fixed in r1153824 [3] and Tomcat 5.5.32-5.5.33, a proposed patch is available [4], however all these do is update the build files to use the latest Apache Commons Daemon. The real flaw is in the Apache Commons Daemon, and is fixed in upstream 1.0.7 [5]. According to the bug report [6] Commons Daemon 1.0.3-1.0.6 are affected and it is fixed in r11152701 [7]. [1] <a href="http://tomcat.apache.org/security-5.html">http://tomcat.apache.org/security-5.html</a> [2] <a href="http://tomcat.apache.org/security-6.html">http://tomcat.apache.org/security-6.html</a> [3] <a href="http://svn.apache.org/viewvc?view=revision&revision=1153824">http://svn.apache.org/viewvc?view=revision&revision=1153824</a> [4] <a href="http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch">http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch</a> [5] <a href="http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E">http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E</a> [6] <a href="https://issues.apache.org/jira/browse/DAEMON-214">https://issues.apache.org/jira/browse/DAEMON-214</a> [7] <a href="http://svn.apache.org/viewvc?view=revision&revision=1152701">http://svn.apache.org/viewvc?view=revision&revision=1152701</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Commons Daemon | =1.0.3 | |
| Apache Commons Daemon | =1.0.4 | |
| Apache Commons Daemon | =1.0.5 | |
| Apache Commons Daemon | =1.0.6 | |
| Tomcat | =5.5.32 | |
| Tomcat | =5.5.33 | |
| Linux Kernel | ||
| Tomcat | =6.0.30 | |
| Tomcat | =6.0.31 | |
| Tomcat | =6.0.32 | |
| Apache Commons Daemon | =1.0.3 | |
| Apache Commons Daemon | =1.0.4 | |
| Apache Commons Daemon | =1.0.5 | |
| Apache Commons Daemon | =1.0.6 | |
| Tomcat | =7.0.0 | |
| Tomcat | =7.0.0-beta | |
| Tomcat | =7.0.1 | |
| Tomcat | =7.0.2 | |
| Tomcat | =7.0.3 | |
| Tomcat | =7.0.4 | |
| Tomcat | =7.0.5 | |
| Tomcat | =7.0.6 | |
| Tomcat | =7.0.7 | |
| Tomcat | =7.0.8 | |
| Tomcat | =7.0.9 | |
| Tomcat | =7.0.10 | |
| Tomcat | =7.0.11 | |
| Tomcat | =7.0.12 | |
| Tomcat | =7.0.13 | |
| Tomcat | =7.0.14 | |
| Tomcat | =7.0.16 | |
| Tomcat | =7.0.17 | |
| Tomcat | =7.0.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tomcat.apache.org/security-7.html
- https://issues.apache.org/jira/browse/DAEMON-214
- http://tomcat.apache.org/security-5.html
- https://bugzilla.redhat.com/show_bug.cgi?id=730400
- http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
- http://svn.apache.org/viewvc?view=revision&revision=1153379
- http://tomcat.apache.org/security-6.html
- http://svn.apache.org/viewvc?view=revision&revision=1152701
- http://www.securityfocus.com/bid/49143
- http://securitytracker.com/id?1025925
- http://svn.apache.org/viewvc?view=revision&revision=1153824
- http://www.redhat.com/support/errata/RHSA-2011-1291.html
- http://secunia.com/advisories/46030
- http://www.redhat.com/support/errata/RHSA-2011-1292.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
- http://www.securityfocus.com/archive/1/519263/100/0/threaded
- http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
- http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E
- http://koji.fedoraproject.org/koji/buildinfo?buildID=258637
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730825
- https://rhn.redhat.com/errata/RHSA-2011-1292.html
- https://rhn.redhat.com/errata/RHSA-2011-1291.html
Frequently Asked Questions
What is the severity of CVE-2011-2729?
CVE-2011-2729 is considered a high severity vulnerability due to its potential to allow unauthorized access to superuser files.
How do I fix CVE-2011-2729?
To fix CVE-2011-2729, it is recommended to update Apache Tomcat and Apache Commons Daemon to the latest versions available.
Which versions are affected by CVE-2011-2729?
CVE-2011-2729 affects Apache Tomcat versions 5.5.32, 5.5.33, and 6.0.30 to 6.0.32.
Can CVE-2011-2729 affect my web applications?
Yes, CVE-2011-2729 can affect web applications running on vulnerable versions of Apache Tomcat, potentially compromising file security.
Is there a workaround for CVE-2011-2729?
A possible workaround for CVE-2011-2729 is to limit user permissions and implement stricter access controls on system files.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2729
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache commons daemon
- version/apache commons daemon/1.0.3
- version/apache commons daemon/1.0.4
- version/apache commons daemon/1.0.5
- version/apache commons daemon/1.0.6
- canonical/tomcat
- version/tomcat/5.5.32
- version/tomcat/5.5.33
- vendor/linux
- canonical/linux kernel
- version/tomcat/6.0.30
- version/tomcat/6.0.31
- version/tomcat/6.0.32
- version/tomcat/7.0.0
- version/tomcat/7.0.0-beta
- version/tomcat/7.0.1
- version/tomcat/7.0.2
- version/tomcat/7.0.3
- version/tomcat/7.0.4
- version/tomcat/7.0.5
- version/tomcat/7.0.6
- version/tomcat/7.0.7
- version/tomcat/7.0.8
- version/tomcat/7.0.9
- version/tomcat/7.0.10
- version/tomcat/7.0.11
- version/tomcat/7.0.12
- version/tomcat/7.0.13
- version/tomcat/7.0.14
- version/tomcat/7.0.16
- version/tomcat/7.0.17
- version/tomcat/7.0.19