CVE-2016-9775
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
El script postrm en el paquete tomcat6 en versiones anteriores a 6.0.45+dfsg-1~deb7u3 en Debian wheezy, en versiones anteriores a 6.0.45+dfsg-1~deb8u1 en Debian jessie, en versiones anteriores a 6.0.35-1ubuntu3.9 rn Ubuntu 12.04 LTS y en Ubuntu 14.04 LTS; el paquete tomcat7 en versiones anteriores a 7.0.28-4+deb7u7 en Debian wheezy, en versiones anteriores a 7.0.56-3+deb8u6 en Debian jessie, en versiones anteriores a 7.0.52-1ubuntu0.8 en Ubuntu 14.04 LTS, y en Ubuntu 12.04 LTS, 16.04 LTS y 16.10; y el paquete tomcat8 en versiones anteriores a 8.0.14-1+deb8u5 en Debian jessie, en versiones anteriores a 8.0.32-1ubuntu1.3 en Ubuntu 16.04 LTS, en versiones anteriores a 8.0.37-1ubuntu0.1 en Ubuntu 16.10 y en versiones anteriores a 8.0.38-2ubuntu1 en Ubuntu 17.04 podrían permitir a usuarios locales con acceso a la cuenta tomcat obtener privilegios root a través de un programa setgid en el directorio Catalina, como se demuestra por /etc/tomcat8/Catalina/attack
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-02 CVE Reserved
- 2016-12-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/12/02/10 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/12/02/5 | Mailing List | |
http://www.securityfocus.com/bid/94643 | Third Party Advisory | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385 | Mailing List | |
https://security.netapp.com/advisory/ntap-20180731-0002 | X_refsource_confirm | |
https://www.oracle.com/security-alerts/cpuApr2021.html | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2016/dsa-3738 | 2021-06-14 | |
http://www.debian.org/security/2016/dsa-3739 | 2021-06-14 | |
http://www.ubuntu.com/usn/USN-3177-1 | 2021-06-14 | |
http://www.ubuntu.com/usn/USN-3177-2 | 2021-06-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.10" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0 Search vendor "Apache" for product "Tomcat" and version "6.0" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0 Search vendor "Apache" for product "Tomcat" and version "7.0" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0 Search vendor "Apache" for product "Tomcat" and version "8.0" | - |
Affected
|