PT-2018-5049 · Red Hat · Red Hat

Bharti Kundal · Published 2018-07-31 · Updated 2023-02-12 · CVE-2016-8657

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Linux versions prior to 7

Description

A security issue was found in certain versions of Red Hat Enterprise Linux, where EAP packages set incorrect permissions on the /etc/sysconfig/jbossas configuration file. The file is writable by the jboss group, and its content is executed with root privileges when the jboss service is started, stopped, or restarted on systems that use classic /etc/init.d init scripts, such as Red Hat Enterprise Linux 6 and earlier.

Recommendations

For Red Hat Enterprise Linux versions prior to 7, consider restricting write access to the /etc/sysconfig/jbossas configuration file to prevent unauthorized modifications. As a temporary workaround, monitor the file for changes and ensure that only authorized personnel can modify it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
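As an added example (not code from Red Hat or from this advisory), the Python audit below flags the permission layout the description names: a file whose content an init script runs as root, yet which is writable by a group or by anyone other than root. The 0644 owner-only-write target and the `demo()` temp file standing in for /etc/sysconfig/jbossas are assumptions; `classify()` reports the finding for any mode/owner combination, so it can be pointed at other root-sourced sysconfig files too.

```python
import os
import stat
import tempfile

# Path named in the advisory: the classic init script sources it as root.
SYSCONFIG_PATH = "/etc/sysconfig/jbossas"


def classify(mode, uid, gid, service_gid=None):
    """Return findings for a config file whose content runs as root.

    mode, uid, gid are the permission bits and owner of the file;
    service_gid is the numeric gid of the unprivileged service group
    (the jboss group in the advisory). An empty list means only root
    can modify the file.
    """
    findings = []
    if uid != 0:
        findings.append("owned by uid %d, not root" % uid)
    if mode & stat.S_IWGRP:
        who = "service group" if gid == service_gid else "gid %d" % gid
        findings.append("group-writable by %s" % who)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit_file(path, service_gid=None):
    """lstat the file (a symlink is itself a finding) and classify it."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; audit the target instead"]
    return classify(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, service_gid)


def demo():
    """Constructed stand-in for /etc/sysconfig/jbossas (assumption): first
    group-writable, then restricted to 0644. Returns both findings lists."""
    fd, path = tempfile.mkstemp(prefix="jbossas-")
    os.close(fd)
    try:
        os.chmod(path, 0o664)  # the vulnerable layout: group may write
        before = audit_file(path, service_gid=os.stat(path).st_gid)
        os.chmod(path, 0o644)  # the recommended restriction: owner-only write
        after = audit_file(path)
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    if os.path.lexists(SYSCONFIG_PATH):
        print("real file:", audit_file(SYSCONFIG_PATH) or "OK")
    print("constructed demo:", demo())
```

Run it as root on an affected host to audit the real file; the demo part runs as any user.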

Weakness Enumeration

Related Identifiers

CVE-2016-8657
RHSA-2017:0826
RHSA-2017:0827
RHSA-2017:0828
RHSA-2017:0829
RHSA-2018:1609

Affected Products

Red Hat