CVE-2016-1240
Publication date 16 September 2016
Last updated 25 August 2025
Ubuntu priority
Description
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
From the Ubuntu Security Team
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| tomcat6 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 6.0.45+dfsg-1ubuntu0.2
|
|
| 14.04 LTS trusty |
Fixed 6.0.39-1ubuntu0.1
|
|
| tomcat7 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 7.0.68-1ubuntu0.3
|
|
| 14.04 LTS trusty |
Fixed 7.0.52-1ubuntu0.7
|
|
| tomcat8 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 8.0.36-2ubuntu1
|
|
| 16.04 LTS xenial |
Fixed 8.0.32-1ubuntu1.2
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3081-1
- Tomcat vulnerability
- 19 September 2016
- USN-3081-2
- Tomcat vulnerability
- 27 October 2020