exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2011-2729

Status Candidate

Overview

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Related Files

HP Security Bulletin HPSBST02955 2
Posted Mar 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | 89e81c1ac8b82e8cd63e41150737cbd9
HP Security Bulletin HPSBST02955
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | 2c9338f86cc4928d8dbc40a966e7becf
HP Security Bulletin HPSBUX02860 SSRT101146
Posted Apr 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02860 SSRT101146 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885
MD5 | de5adbf8e77d688a211ab5701c07611d
Gentoo Linux Security Advisory 201206-24
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858
MD5 | bbfac7a6ad2ab503ae26538e4d3ecc94
HP Security Bulletin HPSBOV02762 SSRT100825
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02762 SSRT100825 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2010-1157, CVE-2010-4476, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
MD5 | 92bbc76cd42571f4ab7d96f0c2e36a15
Ubuntu Security Notice USN-1298-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1298-1 - Wilfried Weissmann discovered that Apache Commons Daemon incorrectly dropped capabilities after starting. A remote attacker could possibly use this flaw to read certain files, bypassing the intended permissions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-2729
MD5 | 04907bb6e79015ba5614a277ea9e2464
HP Security Bulletin HPSBUX02725 SSRT100627
Posted Nov 24, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
MD5 | 78b8c944a8723e2c2c2dfb9ecab0640d
Red Hat Security Advisory 2011-1292-01
Posted Sep 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1292-01 - The jakarta-commons-daemon-jsvc package includes jsvc, a service wrapper that allows Java applications to be run as daemons. It was found that jsvc did not correctly drop capabilities after starting an application. If an administrator used jsvc to run an application, and also used the "-user" option to specify a user for it to run as, the application correctly ran as that user but did not drop its increased capabilities, allowing it access to all files and directories accessible to the root user. Note: This flaw does not affect Red Hat Enterprise Linux 5 and 6, as the jakarta-commons-daemon-jsvc packages for those products are not built with capabilities support.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2011-2729
MD5 | bac2918be6cc17e96ce2397dc782a5d7
Red Hat Security Advisory 2011-1291-01
Posted Sep 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1291-01 - jsvc is a service wrapper that allows Java applications to be run as daemons. It was found that jsvc did not correctly drop capabilities after starting an application. If an administrator used jsvc to run an application, and also used the "-user" option to specify a user for it to run as, the application correctly ran as that user but did not drop its increased capabilities, allowing it access to all files and directories accessible to the root user. Note: This flaw only affected users running JBoss Enterprise Web Server 1.0.2 from jboss-ews-1.0.2-RHEL4-[arch].zip as provided from the Red Hat Customer Portal, as versions for other products are not built with capabilities support.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2011-2729
MD5 | ba2a1afb6cf7aa3f032dd4669ec22da0
Commons Daemokn Fails To Drop Capabilities
Posted Aug 12, 2011
Authored by Mark Thomas, Wilfried Weissmann | Site tomcat.apache.org

Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. Tomcat versions 7.0.0 to 7.0.19, 6.0.30 to 6.0.32, and 5.5.32 to 5.5.33 are affected.

tags | advisory
systems | linux
advisories | CVE-2011-2729
MD5 | 0bcff5f8f27231cddd0fdace0549d7d7
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close