oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation

From: Dawid Golunski <dawid () legalhackers com>
Date: Fri, 30 Sep 2016 21:15:35 -0300
CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros - Local Root
Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the
affected deb packages)

Discovered by:
Dawid Golunski (http://legalhackers.com)

Tomcat (6, 7, 8) packages provided by default repositories on Debian-based
distributions (including Debian, Ubuntu etc.) provide a vulnerable
tomcat init script that allows local attackers who have already gained access
to the tomcat account (for example, by exploiting an RCE vulnerability
in a java web application hosted on Tomcat, uploading a webshell etc.) to
escalate their privileges from tomcat user to root and fully compromise the
target system.

The full Advisory and a PoC exploit can be found at:

http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html

-- 
Regards,
Dawid Golunski
http://legalhackers.com
Previous By Date Next
Previous By Thread Next

Current thread: