CVE-2013-1976

Sažetak

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Reference

http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://rhn.redhat.com/errata/RHSA-2013-0871.html
http://rhn.redhat.com/errata/RHSA-2013-0872.html
https://bugzilla.redhat.com/show_bug.cgi?id=927622

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

22-04-2019 - 17:48

Objavljeno

09-07-2013 - 17:55