CVE-2013-1976

NameCVE-2013-1976
DescriptionThe (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tomcat6 (PTS)jessie, jessie (lts)6.0.45+dfsg-1~deb8u1fixed
tomcat7 (PTS)jessie, jessie (lts)7.0.56-3+really7.0.109-1+deb8u6fixed
stretch7.0.75-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat6source(unstable)(not affected)
tomcat7source(unstable)(not affected)

Notes

- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)

Search for package or bug name: Reporting problems