Commons Daemon
  1. Commons Daemon
  2. DAEMON-214

CVE-2011-2729: jsvc fails to drop capabilities on Linux

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0.3, 1.0.4, 1.0.5, 1.0.6
    • Fix Version/s: 1.0.7
    • Component/s: Jsvc
    • Labels:
      None
    • Environment:

      Linux

      Description

      CVE-2011-2729: Commons Daemon fails to drop capabilities

      Severity: high

      Vendor:
      The Apache Software Foundation

      Versions Affected:
      Commons Daemon 1.0.3 to 1.0.6
      Additionally, these vulnerabilities only occur when all of the
      following are true:
      a) running on Linux operating system
      b) jsvc was compiled with libcap
      c) -user parameter is used

      Description:
      Due to bug in capabilities code, jsvc does not drop capabilities
      allowing the application to access files and directories owned by
      superuser.

      Mitigation:
      Affected users of all versions can mitigate these vulnerabilities by
      taking any of the following actions:
      a) upgrade to a version where the vulnerabilities have been fixed
      jsvc 1.0.3 - 1.0.6 users should upgrade to 1.0.7 version
      b) do not use -user parameter to switch user
      c) recompile the jsvc without libcap support

      Example:
      [root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ....
      [root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
      CapInh: 0000000000000406
      CapPrm: 0000000000000406
      CapEff: 0000000000000406
      CapBnd: ffffffffffffffff

      [root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ....
      [root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
      CapInh: 0000000000000000
      CapPrm: 0000000000000000
      CapEff: 0000000000000000
      CapBnd: ffffffffffffffff

      Credit:
      This issue was identified by Wilfried Weissmann.

        Activity

        Mladen Turk created issue -
        Hide
        Mladen Turk added a comment -

        Fixed with r1152701

        Show
        Mladen Turk added a comment - Fixed with r1152701
        Mladen Turk made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Mladen Turk made changes -
        Affects Version/s 1.0.5 [ 12315476 ]
        Affects Version/s 1.0.4 [ 12315226 ]
        Affects Version/s 1.0.3 [ 12314831 ]

          People

          • Assignee:
            Mladen Turk
            Reporter:
            Mladen Turk
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Due:
              Created:
              Updated:
              Resolved:

              Development