CVE-2011-2729

Sažetak

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Reference

http://tomcat.apache.org/security-7.html
https://issues.apache.org/jira/browse/DAEMON-214
http://tomcat.apache.org/security-5.html
https://bugzilla.redhat.com/show_bug.cgi?id=730400
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
http://svn.apache.org/viewvc?view=revision&revision=1153379
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1152701
http://www.securityfocus.com/bid/49143
http://securitytracker.com/id?1025925
http://svn.apache.org/viewvc?view=revision&revision=1153824
http://www.redhat.com/support/errata/RHSA-2011-1291.html
http://secunia.com/advisories/46030
http://www.redhat.com/support/errata/RHSA-2011-1292.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=133469267822771&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
http://www.securityfocus.com/archive/1/519263/100/0/threaded
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 04:31

Objavljeno

15-08-2011 - 21:55