http://www.securityfocus.com/bid/49143
Security Info

| Bugtraq ID: | 49143 |
| Class: | Access Validation Error |
| CVE: | CVE-2011-2729 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 12 2011 12:00AM |
| Updated: | Jun 28 2012 04:20AM |
| Credit: | Wilfried Weissmann |

Vulnerable:
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
SuSE openSUSE 11.4
Red Hat JBoss Enterprise Web Server for RHEL 4 ES 1.0
Red Hat JBoss Enterprise Web Server for RHEL 4 AS 1.0
HP OpenVMS Secure Web Server 7.3 -2
HP OpenVMS Secure Web Server 7.3 -1
HP OpenVMS Secure Web Server 7.3
HP OpenVMS Secure Web Server 7.2 -2
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.2
HP OpenVMS Secure Web Server 2.1-1
HP HP-UX B.11.31
HP HP-UX B.11.23
Gentoo Linux
Blue Coat Systems Intelligence Center 3.2.1
Blue Coat Systems Intelligence Center 3.1.2
Blue Coat Systems Intelligence Center 3.1.1
Blue Coat Systems Intelligence Center 2.1.2
Blue Coat Systems Intelligence Center 2.1.1
Blue Coat Systems Intelligence Center 2.1
Blue Coat Systems Intelligence Center 2.0.1
Blue Coat Systems Intelligence Center 2.0
Blue Coat Systems Intelligence Center 3.2
Blue Coat Systems Intelligence Center 3.1
Avaya Aura Experience Portal 6.0
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Apache Software Foundation Tomcat 7.0.15
Apache Software Foundation Tomcat 7.0.14
Apache Software Foundation Tomcat 7.0.13
Apache Software Foundation Tomcat 7.0.12
Apache Software Foundation Tomcat 7.0.9
Apache Software Foundation Tomcat 7.0.8
Apache Software Foundation Tomcat 7.0.7
Apache Software Foundation Tomcat 7.0.6
Apache Software Foundation Tomcat 7.0.4
Apache Software Foundation Tomcat 7.0.3
Apache Software Foundation Tomcat 7.0.2
Apache Software Foundation Tomcat 7.0.1
Apache Software Foundation Tomcat 7.0 beta
Apache Software Foundation Tomcat 7.0
Apache Software Foundation Tomcat 5.5.32
Apache Software Foundation Tomcat 7.0.5
Apache Software Foundation Tomcat 7.0.19
Apache Software Foundation Tomcat 7.0.18
Apache Software Foundation Tomcat 7.0.17
Apache Software Foundation Tomcat 7.0.11
Apache Software Foundation Tomcat 7.0.10
Apache Software Foundation Tomcat 6.0.32
Apache Software Foundation Tomcat 6.0.31
Apache Software Foundation Tomcat 6.0.30
Apache Software Foundation Tomcat 5.5.33
Apache Software Foundation Geronimo 2.1.7
Apache Software Foundation Geronimo 2.1.6
Apache Software Foundation Geronimo 2.1.5
Apache Software Foundation Geronimo 2.1.4
Apache Software Foundation Geronimo 2.1.3
Apache Software Foundation Geronimo 2.1.2
Apache Software Foundation Geronimo 2.1.1
Apache Software Foundation Geronimo 2.0.2
Apache Software Foundation Geronimo 2.0.1
Apache Software Foundation Geronimo 1.1.1
Apache Software Foundation Geronimo 1.1
Apache Software Foundation Geronimo 1.0.1
Apache Software Foundation Geronimo 1.0
Apache Software Foundation Geronimo 2.1
Apache Software Foundation Geronimo 2.0
Apache Software Foundation Geronimo 1.2
Apache Software Foundation Commons Daemon 1.0.6

Not Vulnerable:
Blue Coat Systems Intelligence Center 3.2.2.1
Apache Software Foundation Tomcat 5.5.34
Apache Software Foundation Tomcat 7.0.20
Apache Software Foundation Tomcat 6.0.33
Apache Software Foundation Geronimo 2.1.8
Apache Software Foundation Commons Daemon 1.0.7

Security Discussion

Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the 'jsvc' library.
Remote attackers can exploit this issue to gain access to files and directories owned by the superuser, through applications using the affected library. This allows attackers to obtain sensitive information that may aid in further attacks.
Note: This issue affects applications running on Linux operating systems only.
Versions prior to Commons Daemon 1.0.7 are vulnerable.
The following Apache Tomcat versions which use the affected library are vulnerable:
Tomcat 7.0.0 through 7.0.19
Tomcat 6.0.30 through 6.0.32
Tomcat 5.5.32 through 5.5.33

Proof of Concept and Security Exploits

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution: Updates are available. Please see the references for more information.