This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository tomcat8.
commit ed788f784c8cba28253f5be4453cc0fb6b284cdb Author: Emmanuel Bourg <[email protected]> Date: Wed Sep 14 10:19:59 2016 +0200 Fixed CVE-2016-1240: Local Root Privilege Escalation --- debian/changelog | 8 +++++++- debian/tomcat8.init | 6 ++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3e0d79c..151fe54 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,12 @@ -tomcat8 (8.0.36-3) UNRELEASED; urgency=medium +tomcat8 (8.0.36-3) UNRELEASED; urgency=high * Team upload. + * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local + attackers who have gained access to the server in the context of the + tomcat user through a vulnerability in a web application to replace + the catalina.out file with a symlink to an arbitrary file on the system, + potentially leading to a root privilege escalation. + Thanks to Dawid Golunski for the report. * Removed the default 128M heap limit (LP: #568823) * Depend on taglibs-standard instead of jakarta-taglibs-standard diff --git a/debian/tomcat8.init b/debian/tomcat8.init index a14e191..0cffa37 100644 --- a/debian/tomcat8.init +++ b/debian/tomcat8.init 
@@ -169,8 +169,10 @@ catalina_sh() { # Run the catalina.sh script as a daemon set +e - touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out - chown $TOMCAT8_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out + if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then + install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out + fi + install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID" start-stop-daemon --start -b -u "$TOMCAT8_USER" -g "$TOMCAT8_GROUP" \ -c "$TOMCAT8_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \ -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH" -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
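Review bot: the changelog entry for the CVE fix describes the symlink problem but not the ownership change that comes with it in debian/tomcat8.init, where catalina.out and the PID file are now created by `install -o $TOMCAT8_USER -g adm -m 644` instead of `touch` followed by `chown $TOMCAT8_USER` (which left the group and mode at whatever the root umask and the directory gave them). Since group adm and mode 644 on the log file are user-visible, add a short line to the entry noting that catalina.out and the PID file are now created with group adm and mode 644.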
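Review bot: the guard `if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then` follows symlinks, so when catalina.out is already a symlink to an existing regular file the `install` is skipped and the link is left in place. That is safe here because the root-run script no longer does anything through the link (the old `touch`/`chown` both dereferenced it, which is the reported escalation path, while GNU `install` unlinks a dangling destination instead of following it and start-stop-daemon only writes to the file as `$TOMCAT8_USER`), but the reason the file is deliberately neither chowned nor truncated as root is not visible from the code, so add a comment above the `if` saying so. Two smaller points in the same hunk: `-o $TOMCAT8_USER` is unquoted in both new `install` lines while the existing `-u "$TOMCAT8_USER"` a few lines down quotes it, so quote it for consistency; and the unconditional `install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID"` truncates any existing PID file before start-stop-daemon writes the new one, which relies on the caller of catalina_sh() having already verified that no instance is running.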

