[Full-disclosure] [ MDVSA-2011:030 ] tomcat5



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:030
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tomcat5
Date : February 18, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in tomcat5:

When running under a SecurityManager, access to the file system is
limited but web applications are granted read/write permissions to
the work directory. This directory is used for a variety of temporary
files such as the intermediate files generated when compiling JSPs
to Servlets. The location of the work directory is specified by
a ServletContect attribute that is meant to be read-only to web
applications. However, due to a coding error, the read-only setting
was not applied. Therefore, a malicious web application may modify
the attribute before Tomcat applies the file permissions. This can be
used to grant read/write permissions to any area on the file system
which a malicious web application may then take advantage of. This
vulnerability is only applicable when hosting web applications from
untrusted sources such as shared hosting environments (CVE-2010-3718).

The HTML Manager interface displayed web applciation provided data,
such as display names, without filtering. A malicious web application
could trigger script execution by an administartive user when viewing
the manager pages (CVE-2011-0013).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
4acc23d840bdd74a8a2a27717c57f813 2009.0/i586/tomcat5-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
d901fdb0a4995bf9eb2870b3c9a1d249 2009.0/i586/tomcat5-admin-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
ae34366f41b039c6e53631b185547a7b 2009.0/i586/tomcat5-common-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
ade05ceda9f2ae4fb342e7ef5df474e2 2009.0/i586/tomcat5-jasper-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
51fab09365486ad60ed686935c1c7511 2009.0/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
5f1fc1ea7c38546a38a04000cdf9212a 2009.0/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
bddc26db0a0e9aea3223927566b11442 2009.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
effd51cb30b8d2bb5f12a3a0507b1260 2009.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
e71a36bd07ad8f241104e0e322900d55 2009.0/i586/tomcat5-server-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
fc68ce165e49fa63529cda996f9e7e6f 2009.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
aa8f7e5205aa734f94661d2e1d87cf03 2009.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
09488edfcc731340c51322540e050445 2009.0/i586/tomcat5-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
78f469b9bdf9461e9dd423fa51a00fbb 2009.0/SRPMS/tomcat5-5.5.27-0.3.0.4mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
7f3a9c9a0f48012967fece5d682cc344 2009.0/x86_64/tomcat5-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
3151ab51c99456cf46095557b421a47d 2009.0/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
4312fccb593f577b34a77363c140460b 2009.0/x86_64/tomcat5-common-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
04580ac069d37ea7ce1223f744dd63bf 2009.0/x86_64/tomcat5-jasper-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
adf6a50a74e425cd579d4c76fe518f88 2009.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
be1cdc23f0f7a115835062c6dd22f68e 2009.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
827ce79fb2c78c7cd5e2b9ed74e60564 2009.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
5ad827a665ee9a6b20d1e771ada0922a 2009.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
1133aad0b9a2715bbea40e925f065f0e 2009.0/x86_64/tomcat5-server-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
734a3311954704b8d31c134c204273f3 2009.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
e61e4817d3fe00bca326b7d078d38cc1 2009.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
4f37e8f46d3435971ad107d3012c2722 2009.0/x86_64/tomcat5-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
78f469b9bdf9461e9dd423fa51a00fbb 2009.0/SRPMS/tomcat5-5.5.27-0.3.0.4mdv2009.0.src.rpm

Mandriva Linux 2010.0:
39e1b0164f00a89b96865243916eccb6 2010.0/i586/tomcat5-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
b406cccf6e7886b5c47de22ecc82088d 2010.0/i586/tomcat5-admin-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
b5c3e735cec844c1a7c1206c78a6af51 2010.0/i586/tomcat5-common-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
0561c5ba6f593f8cb21d6433b31bbdf0 2010.0/i586/tomcat5-jasper-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
c3d3ed8727164b1542b08cc35b74eeb3 2010.0/i586/tomcat5-jasper-eclipse-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
137b051b6fa4a159098151aed959d4b8 2010.0/i586/tomcat5-jasper-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
fb2d81779b9a6701f935b69c72dfd1a2 2010.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
247083e1e461555c064c57fb22293eb4 2010.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
1eb783fc2a5fd77fc04327f103f3e924 2010.0/i586/tomcat5-server-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
ff93f3807ad38a6f3efd3b755e4b8a9c 2010.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
63293aef2e275ccf3c5dca5ab69b1a5b 2010.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
5295cf4e876b552468657fd61eff83af 2010.0/i586/tomcat5-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
3e8072e942561408d7c33bd24517b4c9 2010.0/SRPMS/tomcat5-5.5.27-0.5.0.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
c4999736e1bc0c9a5a97d594cee65c1c 2010.0/x86_64/tomcat5-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
6b1e3d535d54b0be9e2ae5d1097ccada 2010.0/x86_64/tomcat5-admin-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
8b312a00888405017f0a569a941ef886 2010.0/x86_64/tomcat5-common-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
2418f2e08935a6f0992b092a4bffecc8 2010.0/x86_64/tomcat5-jasper-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
83a682d9a8f037101b9551cd78a016c6 2010.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
bb1adfd0118f39da9a5b3f65ae84e62f 2010.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
4a98e6b4fc7d0f857fc992b939d842ad 2010.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
4037dc8df08254a5c8e93313221a7514 2010.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
1c1a706e810c6cd0c063d84b0522585a 2010.0/x86_64/tomcat5-server-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
62bc24195dda4032d33bb206031bd037 2010.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
c3bb0d7222dbc10f3d14a95ca8a79644 2010.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
a300b02d11c66be9c4b7025a16db508d 2010.0/x86_64/tomcat5-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
3e8072e942561408d7c33bd24517b4c9 2010.0/SRPMS/tomcat5-5.5.27-0.5.0.2mdv2010.0.src.rpm

Mandriva Linux 2010.1:
5bdb48aeda19057db32a64589eacd82a 2010.1/i586/tomcat5-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
96ecbc6c012122bf2e11e500c6402205 2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
a176c1651cc2d08ed8510c01622d5176 2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
9240df47c808e342c5bc6dcd910d85f5 2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
6f46c2c619ec79ec43783efcf7e908c2 2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
133a8b24ec4aa7662c0145ff5303beca 2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
97eaf631f481c6431c7439755e33fde5 2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
794935023c7630d13a887b474b78bb7e 2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
ce72eb40ddf157064e8926eb58e2740b 2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
84f3460a32131aef7f663ea2c5981859 2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
f04fe3121f8b1cf579f0cc92099c364a 2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
ec6163a7e1ee720c01f86b7070ae1a5d 2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
e480656f0abde41f97e478151a7fc71f 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
405ff9248913717a0249614e3ccdeff4 2010.1/x86_64/tomcat5-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
0500f420f913cac42c8c2398182e0b8d 2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
f796e84a6cf4dac452eaaec03b819c97 2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
3e25bb28dc6c08b2dcbd1a272d01eaec 2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
07e577e2fbc57e40b944478449715240 2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
1e688aca310915303d257abaa0c55099 2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
631f812a7a32013ba301cecbeb23163d 2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
5970e0221d6d5386f04316b6805c6bfc 2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
f64a8611f668cd19bafb0a8884c3b998 2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
ba19195b485e4468780f36010c5215b5 2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
e241ad2d2ea43d6515b61a256fdbc61e 2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
15718f212c8d29bdbaac81ab40afbd2a 2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
e480656f0abde41f97e478151a7fc71f 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
bd71ae4141fbf5a884cfbccc756c8329 mes5/i586/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
75b8764895d7b231901602dd0605f2e2 mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
6c827ad66b01560b72c5a8c96616afaa mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
1a2155333c323146ef3e1fbdeae96035 mes5/i586/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
554ec541f6857a7946a6fae67c0a2fa6 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
10b54ca8ebefcd816bade65dae8e408b mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
8a12958fd3040ca0f4ce23bb7a3a1bdf mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
320881d8a847077fc8a7d70d7d0e0a02 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
8ab623786a3479dc5e990b9949a13502 mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
d4c53039181b378a3da1016c137ad843 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
52922ac7e5b4c1a7356d5248cf264a1d mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
6cf03c3b0981031f6bf7b8710990bcb0 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
a4f9e4804454f2d628865ad654d6a188 mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
20eee581278206c28db4e304a6756671 mes5/x86_64/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
d6b1d88885c03c36a84dd7703bb82bbb mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
a04900de513cbaf5359b41b1df0e9ff3 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
c58d2e125e9c2e4de256224d64cf1d46 mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
7612d8a28f5e008405a282ceb265a769 mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
0796bfcd6e042c1128426bb47aae03d5 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
2ccd09878fd1f3ef8e4846864bd2f71e mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
1b94570c1a5913fd0eefbcbee71afdc8 mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
ca2608f81795ff805e34e7316799a6a7 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
37d677648216a2d5577db95f0ab9f194 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
42077f152ee121ed61cda754200f8902 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
75657b92a4a6d94e27c3188653cad41e mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
a4f9e4804454f2d628865ad654d6a188 mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNXrAVmqjQ0CJFipgRAjIfAJ4yL+76n74D2G8gpFyNCGQ4s6+6GACglNTw
j0b0pCkznIMqccTMYR+zW5E=
=KGzB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • [Full-disclosure] [ MDVSA-2010:042 ] firefox
    ... Security researcher Orlando Barrera II reported via TippingPoint's Zero ... Packages for 2008.0 are provided for Corporate Desktop 2008.0 ... Mandriva Linux 2008.0/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2010:042 ] firefox
    ... Security researcher Orlando Barrera II reported via TippingPoint's Zero ... Packages for 2008.0 are provided for Corporate Desktop 2008.0 ... Mandriva Linux 2008.0/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:027 ] openoffice.org
    ... Multiple directory traversal vulnerabilities allow remote attackers ... OpenOffice.org packages have been updated in order to fix these ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2011:027 ] openoffice.org
    ... Multiple directory traversal vulnerabilities allow remote attackers ... OpenOffice.org packages have been updated in order to fix these ... Mandriva Linux 2009.0/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:080 ] mozilla-thunderbird
    ... Security issues were identified and fixed in mozilla-thunderbird: ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)