oss-sec mailing list archives
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
From: Dawid Golunski <dawid () legalhackers com>
Date: Wed, 26 Oct 2016 02:05:11 -0300
I added a simple PoC video for the CVE-2016-1240 vulnerability. In the PoC I used Ubuntu 16.04 with the latest tomcat7 package (version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos which appears vulnerable still. The video poc can be found at: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html -- Regards, Dawid Golunski http://legalhackers.com
Current thread:
- CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 25)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer (Oct 26)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 27)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer (Oct 26)