commons-issues mailing list archives

From "Mladen Turk (JIRA)" <>
Subject [jira] [Created] (DAEMON-214) CVE-2011-2729: jsvc fails to drop capabilities on Linux
Date Fri, 12 Aug 2011 12:13:27 GMT
CVE-2011-2729: jsvc fails to drop capabilities on Linux

                 Key: DAEMON-214
             Project: Commons Daemon
          Issue Type: Bug
          Components: Jsvc
    Affects Versions: 1.0.6
         Environment: Linux
            Reporter: Mladen Turk
            Assignee: Mladen Turk
            Priority: Critical
             Fix For: 1.0.7

CVE-2011-2729: Commons Daemon fails to drop capabilities

Severity: high

The Apache Software Foundation

Versions Affected:
Commons Daemon 1.0.3 to 1.0.6
Additionally, these vulnerabilities only occur when all of the
following are true:
a) running on a Linux operating system
b) jsvc was compiled with libcap
c) the -user parameter is used

Due to a bug in the capabilities code, jsvc does not drop capabilities,
allowing the application to access files and directories owned by

Affected users of all versions can mitigate these vulnerabilities by
taking any of the following actions:
a) upgrade to a version where the vulnerabilities have been fixed
   jsvc 1.0.3 - 1.0.6 users should upgrade to version 1.0.7
b) do not use the -user parameter to switch user
c) recompile jsvc without libcap support

[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh:    0000000000000406
CapPrm:    0000000000000406
CapEff:    0000000000000406
CapBnd:    ffffffffffffffff 

[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh:    0000000000000000
CapPrm:    0000000000000000
CapEff:    0000000000000000
CapBnd:    ffffffffffffffff 

This issue was identified by Wilfried Weissmann.
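
Added example (not part of the original advisory or of the Commons Daemon code): a Python check that decodes the Cap* masks shown in the session above and reports which capabilities a process still holds after switching user. The status excerpts are copied from that session; the function and constant names are made up for this example, and the bit-to-name table follows the Linux kernel's capability numbering.

```python
import re

# Linux capability names indexed by bit number (kernel capability numbering).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Sets the process holds or can pass on; CapBnd is only an upper bound.
HELD_SETS = ("CapInh", "CapPrm", "CapEff")

# Status excerpts copied from the 1.0.6 and 1.0.7 sessions in the advisory.
STATUS_1_0_6 = """\
CapInh:    0000000000000406
CapPrm:    0000000000000406
CapEff:    0000000000000406
CapBnd:    ffffffffffffffff
"""
STATUS_1_0_7 = STATUS_1_0_6.replace("0406", "0000")

def decode_mask(mask):
    """Return the names of the capability bits set in an integer mask."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            known = bit < len(CAP_NAMES)
            names.append("CAP_" + CAP_NAMES[bit] if known else "bit%d" % bit)
        bit += 1
    return names

def retained_caps(status_text):
    """Map each held set in /proc/<pid>/status text to its non-empty capability list."""
    found = {}
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    for name, hexmask in re.findall(pattern, status_text, re.M):
        caps = decode_mask(int(hexmask, 16))
        if name in HELD_SETS and caps:
            found[name] = caps
    return found

if __name__ == "__main__":
    for label, text in (("1.0.6", STATUS_1_0_6), ("1.0.7", STATUS_1_0_7)):
        print(label, retained_caps(text) or "no capabilities retained")
```

To check a running service, pass the contents of /proc/<pid>/status to retained_caps(); an empty result means the inheritable, permitted and effective sets are all clear.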
