PT-2016-4663 · Apache+1 · Apache Tomcat+1

Dawid Golunski

·

Publicado

2016-09-15

·

Atualizado

2023-02-06

·

CVE-2016-1240

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 7.0.56-3+deb8u4 Apache Tomcat versions prior to 8.0.14-1+deb8u3 Apache Tomcat 6 versions prior to 6.0.35-1ubuntu3.8 Apache Tomcat 7 versions prior to 7.0.52-1ubuntu0.7 Apache Tomcat 8 versions prior to 8.0.32-1ubuntu1.2
Description The issue allows local users with access to the Tomcat account to gain root privileges via a symlink attack on the Catalina log file. This can be demonstrated by an attack on the /var/log/tomcat7/catalina.out file.
Recommendations For Apache Tomcat 6, update to version 6.0.35-1ubuntu3.8 or later. For Apache Tomcat 7 on Debian jessie, update to version 7.0.56-3+deb8u4 or later. For Apache Tomcat 7 on Ubuntu 14.04 LTS, update to version 7.0.52-1ubuntu0.7 or later. For Apache Tomcat 8 on Debian jessie, update to version 8.0.14-1+deb8u3 or later. For Apache Tomcat 8 on Ubuntu 16.04 LTS, update to version 8.0.32-1ubuntu1.2 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-1240
DLA-622-1
DLA-623-1
DSA-3669-1
DSA-3670-1
RHSA-2017:0455
RHSA-2017:0456
USN-3081-1
USN-3081-2

Produtos afetados

Apache Tomcat
Ubuntu