what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2016-8657

Status Candidate

Overview

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

Related Files

Red Hat Security Advisory 2018-1609-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1609-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-8657
MD5 | 7c100c472fd59e5ad369c9effc751de1
Red Hat Security Advisory 2017-0828-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0828-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | 3e40bec85188c85df789135696804d68
Red Hat Security Advisory 2017-0829-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0829-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.14. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | a137d31543caa82f433b8f837722a0a7
Red Hat Security Advisory 2017-0826-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | aaab8b7598169d922d129fae3907a471
Red Hat Security Advisory 2017-0827-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0827-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | d8ac7b01f69e0963ec65da56acc19fb9
Red Hat Security Advisory 2017-0517-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0517-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | 90203953fdbd31f2a4cdc2b3df6e92f3
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    13 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close