This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200408-15
(Tomcat: Insecure installation)
The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init
scripts as tomcat:tomcat, but those scripts are executed with root
privileges when the system is started. This may allow a member of the
tomcat group to run arbitrary code with root privileges when the Tomcat
init scripts are run.
This could lead to a local privilege escalation or root compromise by
Users may change the ownership of /etc/init.d/tomcat* and
/etc/conf.d/tomcat* to be root:root:
# chown -R root:root /etc/init.d/tomcat*
# chown -R root:root /etc/conf.d/tomcat*
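A read-only check for the condition described above, added here as an example (it is not part of the advisory or of the Nessus plugin). It goes one step beyond the ownership fix and also flags world-writable files. The function name, its two arguments and numeric uid:gid comparison are assumptions of this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: read-only audit for the condition in GLSA-200408-15.
# Assumptions: GNU stat (as on Gentoo); the two arguments exist only so the
# check can be exercised against a scratch tree instead of the live /etc.

# audit_tomcat_init [root_prefix] [expected_uid:gid]
# Prints one line per finding. Returns 0 when clean, 1 when anything is found.
audit_tomcat_init() {
    prefix=${1:-}
    expected=${2:-0:0}            # root:root, compared numerically
    findings=0

    for f in "$prefix"/etc/init.d/tomcat* "$prefix"/etc/conf.d/tomcat*; do
        [ -e "$f" ] || continue   # unmatched glob or dangling symlink

        # -L: judge the file that init will actually execute or source.
        owner=$(stat -L -c '%u:%g' "$f")
        mode=$(stat -L -c '%a' "$f")

        if [ "$owner" != "$expected" ]; then
            echo "OWNER    $f is $owner, expected $expected"
            findings=$((findings + 1))
        fi

        # Correct ownership is not enough if any user can still write the file.
        if [ $(( 0$mode & 002 )) -ne 0 ]; then
            echo "WRITABLE $f has mode $mode (world-writable)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Calling `audit_tomcat_init` with no arguments audits the live /etc against root:root; a non-zero return means the workaround or the upgrade has not taken effect.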
All Tomcat users can upgrade to the latest stable version, or simply
apply the workaround:
# emerge sync
# emerge -pv '>=www-servers/tomcat-5.0.27-r3'
# emerge '>=www-servers/tomcat-5.0.27-r3'
Risk factor: High / CVSS Base Score: 7.2
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14571 (gentoo_GLSA-200408-15.nasl)
CVE ID: CVE-2004-1452