CVE-2004-1452

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/12296/	Patch
http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml	Patch
http://www.securityfocus.com/bid/10951	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16993
http://secunia.com/advisories/12296/	Patch
http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml	Patch
http://www.securityfocus.com/bid/10951	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16993

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:gentoo:linux:0.5:::::::*
	cpe:2.3:o:gentoo:linux:0.7:::::::*
	cpe:2.3:o:gentoo:linux:1.1a:::::::*
	cpe:2.3:o:gentoo:linux:1.2:::::::*
	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:gentoo:linux:1.4:rc1::::::
	cpe:2.3:o:gentoo:linux:1.4:rc2::::::
	cpe:2.3:o:gentoo:linux:1.4:rc3::::::

History

20 Nov 2024, 23:50

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/12296/ - Patch~~	() http://secunia.com/advisories/12296/ - Patch
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml - Patch~~	() http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml - Patch
References	~~() http://www.securityfocus.com/bid/10951 - Patch~~	() http://www.securityfocus.com/bid/10951 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/16993 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/16993 -

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1452

Mitre link : CVE-2004-1452

CVE.ORG link : CVE-2004-1452

JSON object : View

Products Affected

gentoo

linux

CWE

NVD-CWE-Other

{"id": "CVE-2004-1452", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/12296/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10951", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12296/", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/10951", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980553F2-8662-47CF-95F0-645141746AEA"}, {"criteria": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40EBF1CD-B392-4262-8F06-2C784ADAF0F0"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "960DC6C2-B285-41D4-96F7-ED97F8BD5482"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F"}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10