Hurry up, fix the CVE-2016-5425 privilege escalation flaw in Apache Tomcat | Homeland Security Degrees


https://homelandsecurityedus.wordpress.com/2016/10/11/hurry-upfix-the-cve-2016-5425-privilege-escalation-flaw-in-apache-tomcat/





The security researcher Dawid Golunski reported a root privilege escalation in Apache Tomcat (RedHat-based distros), tracked as CVE-2016-5425.



Apache Tomcat packages provided by the default repositories of RedHat-based distributions (e.g. CentOS, RedHat, OracleLinux, Fedora) create a tmpfiles.d configuration file with insecure permissions. The configuration file /usr/lib/tmpfiles.d/tomcat.conf could be modified by a member of the tomcat group, or by a malicious web application deployed on Tomcat, to trigger the issue, escalate privileges to root and compromise the system.
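A defender can check for this condition by auditing the tmpfiles.d directories for configuration files that an account other than root can write. The Python script below is an added example, not code from the advisory or from the Tomcat packages; the function name `audit_tmpfiles_dir` and its `trusted_uid` parameter are hypothetical, and the directory list is the standard set documented in tmpfiles.d(5).

```python
import os
import stat
import sys

# Standard systemd-tmpfiles configuration directories (see tmpfiles.d(5)).
TMPFILES_DIRS = ("/usr/lib/tmpfiles.d", "/etc/tmpfiles.d", "/run/tmpfiles.d")


def audit_tmpfiles_dir(directory, trusted_uid=0):
    """Return (path, mode, reasons) for the directory and each *.conf file in it
    that is not owned by trusted_uid or is writable by group or others."""
    findings = []
    try:
        entries = [directory] + sorted(
            os.path.join(directory, name)
            for name in os.listdir(directory)
            if name.endswith(".conf")
        )
    except OSError:
        return findings  # directory absent or unreadable: nothing to report
    for path in entries:
        try:
            st = os.stat(path)  # follows symlinks, like the reader of the file
        except OSError:
            continue  # dangling symlink
        if path != directory and not stat.S_ISREG(st.st_mode):
            continue  # e.g. a symlink to /dev/null used to mask a config
        reasons = []
        if st.st_uid != trusted_uid:
            reasons.append("owner uid %d" % st.st_uid)
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable (gid %d)" % st.st_gid)
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            findings.append((path, oct(stat.S_IMODE(st.st_mode)), reasons))
    return findings


if __name__ == "__main__":
    bad = [f for d in TMPFILES_DIRS for f in audit_tmpfiles_dir(d)]
    for path, mode, reasons in bad:
        print("%s mode=%s: %s" % (path, mode, ", ".join(reasons)))
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one file or directory that systemd-tmpfiles reads can be changed by a non-root account, which is the condition described for /usr/lib/tmpfiles.d/tomcat.conf.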



Depending on the specific machine, the execution of systemd-tmpfiles could b…

To learn more visit: Security Affairs



The post Hurry up,fix the CVE-2016-5425 privilege escalation flaw in Apache Tomcat appeared first on Homeland Security Degrees.




