Three vulnerabilities have been identified in the tomcat6 software package, a web application server used as the platform for the Java Servlet and Java Server Pages technologies. The first problem arises because the SecurityManager applies inadequate restrictions to ServletContext attributes, allowing an attacker to read or write outside the intended working directory. The next flaw can be exploited remotely to inject arbitrary HTML or script code, due to several errors in the HTML Manager interface. The last vulnerability arises from incorrect enforcement of the maxHttpHeaderSize limit, which a remote attacker could exploit for a DoS attack. Applying the available patch is recommended.

===========================================================
Ubuntu Security Notice USN-1097-1            March 29, 2011
tomcat6 vulnerabilities
CVE-2010-3718, CVE-2011-0013, CVE-2011-0534
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.4
  tomcat6-admin                   6.0.20-2ubuntu2.4

Ubuntu 10.04 LTS:
  libtomcat6-java                 6.0.24-2ubuntu1.7
  tomcat6-admin                   6.0.24-2ubuntu1.7

Ubuntu 10.10:
  libtomcat6-java                 6.0.28-2ubuntu1.2
  tomcat6-admin                   6.0.28-2ubuntu1.2

In general, a standard system update will make all the necessary changes.
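A post-upgrade check a defender might run against this notice, added here as an example and not part of the Ubuntu advisory: it reimplements dpkg's version ordering in Python (epoch, upstream and revision compared with the non-digit/digit alternation dpkg uses, including the `~` pre-release rule) and flags any affected tomcat6 package whose installed version is below the fixed version listed above. The dpkg-query output lines are constructed for the example, not captured from a real host.

```python
import re
# Fixed package versions from USN-1097-1, keyed by Ubuntu release
FIXED = {"9.10": "6.0.20-2ubuntu2.4", "10.04": "6.0.24-2ubuntu1.7",
         "10.10": "6.0.28-2ubuntu1.2"}
AFFECTED = ("libtomcat6-java", "tomcat6-admin")

def _sign(d):
    return (d > 0) - (d < 0)

def _order(c):
    # dpkg character ordering: '~' sorts before end-of-string (0), letters before other symbols
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_nondigit(x, y):
    for i in range(max(len(x), len(y))):
        d = (_order(x[i]) if i < len(x) else 0) - (_order(y[i]) if i < len(y) else 0)
        if d:
            return _sign(d)
    return 0

def _cmp_part(a, b):
    # Alternating non-digit / digit runs; digit runs compare numerically, not lexically
    while a or b:
        ma, mb = re.match(r"([^0-9]*)([0-9]*)", a), re.match(r"([^0-9]*)([0-9]*)", b)
        r = _cmp_nondigit(ma.group(1), mb.group(1)) or _sign(int(ma.group(2) or 0) - int(mb.group(2) or 0))
        if r:
            return r
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(v):
    # Debian version format: [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, sep, rest = v.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), rev

def compare_versions(v1, v2):
    # Returns -1, 0 or 1, matching dpkg --compare-versions lt / eq / gt
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return _sign(e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_lines):
    # dpkg_lines are "<package> <version>" lines as printed by dpkg-query -W; returns what is still behind the fix
    fixed = FIXED[release]
    return [(p, v, fixed) for p, _, v in (l.strip().partition(" ") for l in dpkg_lines)
            if p in AFFECTED and compare_versions(v, fixed) < 0]

# Constructed sample dpkg-query output (not from a real host): one affected package is one revision behind
SAMPLE = ["libtomcat6-java 6.0.24-2ubuntu1.6", "tomcat6-admin 6.0.24-2ubuntu1.7",
          "tomcat6-common 6.0.24-2ubuntu1.6"]
```

On a live 10.04 LTS host the same check is `dpkg-query -W -f='${Package} ${Version}\n' libtomcat6-java tomcat6-admin` piped into `unpatched("10.04", ...)`.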

Details follow:

It was discovered that the Tomcat SecurityManager did not properly restrict
the working directory. An attacker could use this flaw to read or write
files outside of the intended working directory. (CVE-2010-3718)

It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2011-0013)

It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize
limit in certain configurations. A remote attacker could use this flaw to
cause Tomcat to consume all available memory, resulting in a denial of
service. (CVE-2011-0534)
