CVE-2004-1452

Current Description

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

Basic Data

Published: December 31, 2004
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
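    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Gentoo | Linux | 0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.1a | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.4 | rc1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.4 | rc2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Gentoo | Linux | 1.4 | rc3 | * | * | * | * | * | * | | | | |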

Vulnerable Software List

| Vendor | Product | Versions |
| Gentoo | Linux | 0.5, 0.7, 1.1a, 1.2, 1.4 |

References

| Name | URL | Source | Tags |
| 12296 | http://secunia.com/advisories/12296/ | SECUNIA | Patch |
| GLSA-200408-15 | http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml | GENTOO | Patch |
| 10951 | http://www.securityfocus.com/bid/10951 | BID | Patch |
| gentoo-tomcat-gain-privileges(16993) | https://exchange.xforce.ibmcloud.com/vulnerabilities/16993 | XF | |