drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Erzeugung eines Verzeichnisses mit falschen Permissions in tomcat
Name: |
Erzeugung eines Verzeichnisses mit falschen Permissions in tomcat
|
|
ID: |
200306-01 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 2. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Apache Tomcat |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-01 --------------------------------------------------------------------
PACKAGE : tomcat SUMMARY : insecure directory mode DATE : 2003-06-01 12:08 UTC EXPLOIT : local VERSIONS AFFECTED : <tomcat-4.1.24-r1 FIXED VERSION : >=tomcat-4.1.24-r1 CVE :
--------------------------------------------------------------------
Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
SOLUTION
Either upgrade to tomcat-4.1.24-r1 by running
emerge sync emerge tomcat emerge clean
or execute the following:
/etc/init.d/tomcat stop chmod -R 750 /opt/tomcat/ /etc/init.d/tomcat start
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz absinthe@gentoo.org -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+2ezXfT7nyhUpoZMRAvw5AKC6CUN174Y/NVK/WGmt27sVcc5wswCfZmTY /ikxuPJCR0QxIPxVxpTwrVE= =UysX -----END PGP SIGNATURE-----
|
|
|
|