CVE-2011-2729 – jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser

https://notcve.org/view.php?id=CVE-2011-2729

15 Aug 2011 — native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. native/unix/native/jsvc-unix.c en jsvc en el componente Daemon v1.0.3 hasta v1.0.6 en Apache Commons, usado en Apache Tomcat v5.5.32 hasta v5.5.33, v6.0.30 hasta v6.0.32, y v7.0... • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •