Vulnerability Name:

CVE-2016-9774 (CCN-123734)

Assigned: 2016-12-02
Published: 2016-12-02
Updated: 2018-08-02
Summary: The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
CVSS v3 Severity:
7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity:
7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-59
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2016-9774

Source: DEBIAN
Type: Third Party Advisory
DSA-3738

Source: DEBIAN
Type: Third Party Advisory
DSA-3739

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging

Source: CCN
Type: oss-sec Mailing List, Fri, 2 Dec 2016 10:07:43 +0000 (UTC)
CVE request: tomcat privilege escalations in Debian packaging

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging

Source: BID
Type: Third Party Advisory, VDB Entry
94643

Source: CCN
Type: BID-94643
Debian Tomcat Package Multiple Local Privilege Escalation Vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-3177-1

Source: UBUNTU
Type: Third Party Advisory
USN-3177-2

Source: CONFIRM
Type: Mailing List, Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393

Source: XF
Type: UNKNOWN
debian-tomcat-cve20169774-priv-esc(123734)

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20180731-0002/

Source: CCN
Type: Debian Security Advisory
DSA-3738-1 tomcat7 -- security update

Source: CCN
Type: Debian Security Advisory
DSA-3739-1 tomcat8 -- security update

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.artful:def:20169774000 | V | CVE-2016-9774 on Ubuntu 17.10 (artful) - medium. | 2017-03-23
oval:com.ubuntu.trusty:def:20169774000 | V | CVE-2016-9774 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-03-23
oval:com.ubuntu.cosmic:def:201697740000000 | V | CVE-2016-9774 on Ubuntu 18.10 (cosmic) - medium. | 2017-03-23
oval:com.ubuntu.bionic:def:20169774000 | V | CVE-2016-9774 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-03-23
oval:com.ubuntu.xenial:def:20169774000 | V | CVE-2016-9774 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-03-23
oval:com.ubuntu.bionic:def:201697740000000 | V | CVE-2016-9774 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-03-23
oval:com.ubuntu.cosmic:def:20169774000 | V | CVE-2016-9774 on Ubuntu 18.10 (cosmic) - medium. | 2017-03-23
oval:com.ubuntu.xenial:def:201697740000000 | V | CVE-2016-9774 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-03-23
oval:com.ubuntu.precise:def:20169774000 | V | CVE-2016-9774 on Ubuntu 12.04 LTS (precise) - medium. | 2017-03-23
oval:org.cisecurity:def:1671 | P | DSA-3739-1 -- tomcat8 -- security update | 2017-01-27
oval:org.cisecurity:def:1655 | P | DSA-3738-1 -- tomcat7 -- security update | 2017-01-27
    debian debian linux 7.0
    debian debian linux 8.0
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 16.04
    canonical ubuntu linux 16.10
    apache tomcat 6.0
    apache tomcat 7.0
    apache tomcat 8.0