CVE-2013-1976

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-1976 at MITRE

Description

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 822177, 824284

SUSE Security Advisories:

List of released packages

Product(s): SUSE Manager 1.2 for SLE 11 SP1
Fixed package version(s):
  • tomcat6 >= 6.0.18-20.35.42.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.42.1
  • tomcat6-lib >= 6.0.18-20.35.42.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.42.1
References: Builds, SAT Patch Nr: 8154

Product(s): SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Server 11 SP2 for VMware
Fixed package version(s):
  • tomcat6 >= 6.0.18-20.35.42.1
  • tomcat6-admin-webapps >= 6.0.18-20.35.42.1
  • tomcat6-docs-webapp >= 6.0.18-20.35.42.1
  • tomcat6-javadoc >= 6.0.18-20.35.42.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.42.1
  • tomcat6-lib >= 6.0.18-20.35.42.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.42.1
  • tomcat6-webapps >= 6.0.18-20.35.42.1
References: Builds, SAT Patch Nr: 8155

Product(s): SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Server 11 SP3 for VMware
Fixed package version(s):
  • tomcat6 >= 6.0.18-20.35.42.1
  • tomcat6-admin-webapps >= 6.0.18-20.35.42.1
  • tomcat6-docs-webapp >= 6.0.18-20.35.42.1
  • tomcat6-javadoc >= 6.0.18-20.35.42.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.42.1
  • tomcat6-lib >= 6.0.18-20.35.42.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.42.1
  • tomcat6-webapps >= 6.0.18-20.35.42.1
References: Builds, SAT Patch Nr: 8156

© 2014 Novell