Description
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
References (4)
Core 4
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10951
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16993
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12296/
Scores
EPSS
0.0006
EPSS Percentile
18.3%
Details
Status
published
Products (5)
gentoo/linux
0.5
gentoo/linux
0.7
gentoo/linux
1.1a
gentoo/linux
1.2
gentoo/linux
1.4 (4 CPE variants)
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026