OpenCVE

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gentoo	Linux

Configuration 1 [-]

OR	cpe:2.3:o:gentoo:linux:0.5:::::::*
	cpe:2.3:o:gentoo:linux:0.7:::::::*
	cpe:2.3:o:gentoo:linux:1.1a:::::::*
	cpe:2.3:o:gentoo:linux:1.2:::::::*
	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:gentoo:linux:1.4:rc1::::::
	cpe:2.3:o:gentoo:linux:1.4:rc2::::::
	cpe:2.3:o:gentoo:linux:1.4:rc3::::::

No data.

References

Link	Providers
http://secunia.com/advisories/12296/
http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml
http://www.securityfocus.com/bid/10951
https://exchange.xforce.ibmcloud.com/vulnerabilities/16993

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-13T05:00:00

Updated: 2024-08-08T00:53:23.647Z

Reserved: 2005-02-13T00:00:00

Link: CVE-2004-1452

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2024-11-20T23:50:54.990

Link: CVE-2004-1452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10951", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10951"}, {"name": "gentoo-tomcat-gain-privileges(16993)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993"}, {"name": "GLSA-200408-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml"}, {"name": "12296", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12296/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10951"}, {"name": "gentoo-tomcat-gain-privileges(16993)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993"}, {"name": "GLSA-200408-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml"}, {"name": "12296", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12296/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:53:23.647Z"}, "title": "CVE Program Container", "references": [{"name": "10951", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10951"}, {"name": "gentoo-tomcat-gain-privileges(16993)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993"}, {"name": "GLSA-200408-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml"}, {"name": "12296", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/12296/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1452", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "980553F2-8662-47CF-95F0-645141746AEA", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "40EBF1CD-B392-4262-8F06-2C784ADAF0F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "matchCriteriaId": "9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "960DC6C2-B285-41D4-96F7-ED97F8BD5482", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts."}], "id": "CVE-2004-1452", "lastModified": "2024-11-20T23:50:54.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://secunia.com/advisories/12296/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/10951"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://secunia.com/advisories/12296/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/10951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}