commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mladen Turk (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DAEMON-214) CVE-2011-2729: jsvc fails to drop capabilities on Linux
Date Fri, 12 Aug 2011 12:21:27 GMT

     [ https://issues.apache.org/jira/browse/DAEMON-214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mladen Turk resolved DAEMON-214.
--------------------------------

    Resolution: Fixed

Fixed with r1152701

> CVE-2011-2729: jsvc fails to drop capabilities on Linux
> -------------------------------------------------------
>
>                 Key: DAEMON-214
>                 URL: https://issues.apache.org/jira/browse/DAEMON-214
>             Project: Commons Daemon
>          Issue Type: Bug
>          Components: Jsvc
>    Affects Versions: 1.0.6
>         Environment: Linux
>            Reporter: Mladen Turk
>            Assignee: Mladen Turk
>            Priority: Critical
>             Fix For: 1.0.7
>
>
> CVE-2011-2729: Commons Daemon fails to drop capabilities
> Severity: high
> Vendor:
> The Apache Software Foundation
> Versions Affected:
> Commons Daemon 1.0.3 to 1.0.6
> Additionally, these vulnerabilities only occur when all of the
> following are true:
> a) running on Linux operating system
> b) jsvc was compiled with libcap
> c) -user parameter is used
> Description:
> Due to bug in capabilities code, jsvc does not drop capabilities
> allowing the application to access files and directories owned by
> superuser.
> Mitigation:
> Affected users of all versions can mitigate these vulnerabilities by
> taking any of the following actions:
> a) upgrade to a version where the vulnerabilities have been fixed
>    jsvc 1.0.3 - 1.0.6 users should upgrade to 1.0.7 version
> b) do not use -user parameter to switch user
> c) recompile the jsvc without libcap support
> Example:
> [root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ....
> [root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
> CapInh:    0000000000000406
> CapPrm:    0000000000000406
> CapEff:    0000000000000406
> CapBnd:    ffffffffffffffff 
> [root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ....
> [root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
> CapInh:    0000000000000000
> CapPrm:    0000000000000000
> CapEff:    0000000000000000
> CapBnd:    ffffffffffffffff 
> Credit:
> This issue was identified by Wilfried Weissmann.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message