Tomcat prior to 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gentoo linux 1.1a |
||
gentoo linux 1.2 |
||
gentoo linux 1.4 |
||
gentoo linux 0.5 |
||
gentoo linux 0.7 |