Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: tomcat (200306-01)
Date: Sun, 01 Jun 2003 17:36:34
Message-Id: 20030601120856.60D32336F4@mail1.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01
- - - ---------------------------------------------------------------------

PACKAGE : tomcat
SUMMARY : insecure directory mode
DATE : 2003-06-01 12:08 UTC
EXPLOIT : local
VERSIONS AFFECTED : <tomcat-4.1.24-r1
FIXED VERSION : >=tomcat-4.1.24-r1
CVE :

- - - ---------------------------------------------------------------------

Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory
mode which allowed users to access files containing passwords.

SOLUTION

Either upgrade to tomcat-4.1.24-r1 by running

emerge sync
emerge tomcat
emerge clean

or execute the following:

/etc/init.d/tomcat stop
chmod -R 750 /opt/tomcat/
/etc/init.d/tomcat start

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
absinthe@g.o
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+2ezXfT7nyhUpoZMRAvw5AKC6CUN174Y/NVK/WGmt27sVcc5wswCfZmTY
/ikxuPJCR0QxIPxVxpTwrVE=
=UysX
-----END PGP SIGNATURE-----
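
Added example, not part of the original announcement: a POSIX shell check that lists entries under a directory which still grant any permission to "other", so the effect of the chmod -R 750 workaround above can be confirmed. The function names, the temporary demo tree and its passwords.txt file are constructed for illustration; /opt/tomcat is the path named in the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a tree for "other" access.

# Print each non-symlink entry under $1 that grants read, write or execute
# to "other", i.e. the bits that mode 750 clears. Symlinks are skipped:
# their own mode is always 777 on Linux and chmod -R does not change it.
list_other_accessible() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Exit status 0 when nothing under $1 is reachable by "other", 1 otherwise.
tree_is_private() {
    found=$(list_other_accessible "$1") || return 2
    [ -z "$found" ]
}

# Build a constructed tree with the insecure layout, apply the advisory's
# chmod, and print the number of exposed entries before and after.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/tomcat/conf"
    echo 'constructed sample' > "$tmp/tomcat/conf/passwords.txt"
    chmod 755 "$tmp/tomcat" "$tmp/tomcat/conf"
    chmod 644 "$tmp/tomcat/conf/passwords.txt"
    before=$(list_other_accessible "$tmp/tomcat" | wc -l)
    chmod -R 750 "$tmp/tomcat"
    after=$(list_other_accessible "$tmp/tomcat" | wc -l)
    rm -rf "$tmp"
    echo "$((before)) $((after))"
}

# With a path argument (e.g. /opt/tomcat) audit it; with none, run the demo.
if [ "$#" -gt 0 ]; then list_other_accessible "$1"; else demo; fi
```

Run as root or as the tomcat user so that find can descend into directories that are already mode 750.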