Tomcat: Insecure installation — GLSA 200408-15

Improper file ownership may allow a member of the tomcat group to execute scripts as root.

Affected packages

Package 	www-servers/tomcat on all architectures
Affected versions 	< 5.0.27-r3
Unaffected versions 	>= 5.0.27-r3
revision >= 4.1.30-r4
revision >= 3.3.2-r2

Background

Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.

Description

The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.

Impact

This could lead to a local privilege escalation or root compromise by authenticated users.

Workaround

Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat* # chown -R root:root /etc/conf.d/tomcat*

Resolution

All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:

 # emerge sync
 # emerge -pv ">=www-servers/tomcat-5.0.27-r3"
 # emerge ">=www-servers/tomcat-5.0.27-r3"

References

    CVE-2004-1452