200306-01: tomcat
Published: Jun 01, 2003
Updated: Jun 01, 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01
---------------------------------------------------------------------

PACKAGE           : tomcat
SUMMARY           : insecure directory mode
DATE              : 2003-06-01 12:08 UTC
EXPLOIT           : local
VERSIONS AFFECTED : =tomcat-4.1.24-r1
CVE               :

---------------------------------------------------------------------

Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory
mode which allowed users to access files containing passwords.

SOLUTION

Either upgrade to tomcat-4.1.24-r1 by running

    emerge sync
    emerge tomcat
    emerge clean

or execute the following:

    /etc/init.d/tomcat stop
    chmod -R 750 /opt/tomcat/
    /etc/init.d/tomcat start

---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
absinthe@gentoo.org
---------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+2ezXfT7nyhUpoZMRAvw5AKC6CUN174Y/NVK/WGmt27sVcc5wswCfZmTY
/ikxuPJCR0QxIPxVxpTwrVE=
=UysX
-----END PGP SIGNATURE-----
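
To check whether an install is exposed, and to verify the result after either fix, the following added example (not part of the Gentoo advisory) lists every entry under a directory that still carries a permission bit for users outside the owner and group. The function names are hypothetical; it uses only POSIX find and ls.

```shell
#!/bin/sh
# Added example, not from the advisory: audit a tree for "other" access bits,
# which is what "chmod -R 750 /opt/tomcat/" is meant to remove.

# list_other_access DIR
# Prints an "ls -ld" line (mode, owner, group, path) for each entry under DIR
# with any read, write or execute bit set for "other". Symlinks are skipped
# because their own mode bits are not what access checks use.
list_other_access() {
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec ls -ld {} +
}

# count_other_access DIR
# Prints the number of entries list_other_access reports.
count_other_access() {
    list_other_access "$1" | wc -l | tr -d ' '
}

# audit_tree DIR
# Returns 0 if nothing under DIR is reachable by "other", 1 if something is,
# 2 if DIR is not a directory.
audit_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    n=$(count_other_access "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no entries under $1 are accessible to other users"
        return 0
    fi
    echo "EXPOSED: $n entries under $1 are accessible to other users:"
    list_other_access "$1"
    return 1
}

# Run the audit only when a path is given, e.g.: sh audit.sh /opt/tomcat
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it as root with the install path as its argument, before and after applying the fix, so that unreadable subdirectories do not hide entries from the scan.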