Detections
Analytics
CVE-2011-2729
critical
Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
https://issues.apache.org/jira/browse/DAEMON-214
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
https://bugzilla.redhat.com/show_bug.cgi?id=730400
http://www.securityfocus.com/bid/49143
http://www.securityfocus.com/archive/1/519263/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2011-1292.html
http://www.redhat.com/support/errata/RHSA-2011-1291.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://svn.apache.org/viewvc?view=revision&revision=1153824
http://svn.apache.org/viewvc?view=revision&revision=1153379
http://svn.apache.org/viewvc?view=revision&revision=1152701
http://securitytracker.com/id?1025925
http://secunia.com/advisories/57126
http://secunia.com/advisories/46030
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html