commons-issues mailing list archives

From "Mladen Turk (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DAEMON-214) CVE-2011-2729: jsvc fails to drop capabilities on Linux
Date Fri, 12 Aug 2011 12:13:27 GMT
CVE-2011-2729: jsvc fails to drop capabilities on Linux
-------------------------------------------------------

                 Key: DAEMON-214
                 URL: https://issues.apache.org/jira/browse/DAEMON-214
             Project: Commons Daemon
          Issue Type: Bug
          Components: Jsvc
    Affects Versions: 1.0.6
         Environment: Linux
            Reporter: Mladen Turk
            Assignee: Mladen Turk
            Priority: Critical
             Fix For: 1.0.7


CVE-2011-2729: Commons Daemon fails to drop capabilities

Severity: high

Vendor:
The Apache Software Foundation

Versions Affected:
Commons Daemon 1.0.3 to 1.0.6
Additionally, these vulnerabilities only occur when all of the
following are true:
a) running on Linux operating system
b) jsvc was compiled with libcap
c) -user parameter is used

Description:
Due to a bug in the capabilities code, jsvc does not drop capabilities,
allowing the application to access files and directories owned by
the superuser.

Mitigation:
Affected users of all versions can mitigate these vulnerabilities by
taking any of the following actions:
a) upgrade to a version where the vulnerabilities have been fixed
   jsvc 1.0.3 - 1.0.6 users should upgrade to version 1.0.7
b) do not use -user parameter to switch user
c) recompile jsvc without libcap support

Example:
[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh:    0000000000000406
CapPrm:    0000000000000406
CapEff:    0000000000000406
CapBnd:    ffffffffffffffff 

[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh:    0000000000000000
CapPrm:    0000000000000000
CapEff:    0000000000000000
CapBnd:    ffffffffffffffff 


Credit:
This issue was identified by Wilfried Weissmann.



--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
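
Added example, not part of the original advisory or of Commons Daemon: a Python check that decodes the Cap* masks shown in the advisory's /proc/<pid>/status output and reports which capabilities a process still holds after switching to a non-root user. The Cap* values are the ones from the two runs above; the Uid line (uid 1001 standing in for the "jsvc" account) and the function names are assumptions made for the example.

```python
import sys

# Bit numbers from <linux/capability.h>; bits not listed are printed as cap_<n>.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
             3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
             7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
             10: "CAP_NET_BIND_SERVICE"}
CAP_SETS = ("CapInh", "CapPrm", "CapEff")

# Cap* values copied from the advisory's two runs; the Uid line is constructed
# (uid 1001 stands in for the unprivileged "jsvc" account).
STATUS_1_0_6 = ("Uid:\t1001\t1001\t1001\t1001\n"
                "CapInh:\t0000000000000406\nCapPrm:\t0000000000000406\n"
                "CapEff:\t0000000000000406\nCapBnd:\tffffffffffffffff\n")
STATUS_1_0_7 = ("Uid:\t1001\t1001\t1001\t1001\n"
                "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
                "CapEff:\t0000000000000000\nCapBnd:\tffffffffffffffff\n")

def decode_mask(mask):
    """Names of the capability bits set in a 64-bit mask, lowest bit first."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]

def parse_status(text):
    """Pull the effective uid and the Cap* masks out of /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            fields["euid"] = int(value.split()[1])   # real, effective, saved, fs
        elif key in CAP_SETS:
            fields[key] = int(value.strip(), 16)
    return fields

def retained_caps(text):
    """For a non-root process, map each non-empty capability set to its names."""
    fields = parse_status(text)
    if fields.get("euid", 0) == 0:
        return {}          # still root (or uid unknown): capabilities are expected
    return {s: decode_mask(fields[s]) for s in CAP_SETS if fields.get(s)}

if __name__ == "__main__":
    # With a pid argument, audit that live process; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            print(retained_caps(fh.read()) or "no capabilities retained")
    else:
        for label, text in (("1.0.6", STATUS_1_0_6), ("1.0.7", STATUS_1_0_7)):
            print(label, retained_caps(text) or "no capabilities retained")
```

The mask 0x406 from the 1.0.6 run decodes to CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_NET_BIND_SERVICE; the first two bypass file permission checks, which matches the access to superuser-owned files described in the advisory.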

        
