Date: Wed, 26 Oct 2016 02:05:11 -0300 From: Dawid Golunski <dawid@...alhackers.com> Cc: fulldisclosure@...lists.org, bugtraq@...urityfocus.com, bugs@...uritytracker.com, oss-security@...ts.openwall.com Subject: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation I added a simple PoC video for the CVE-2016-1240 vulnerability. In the PoC I used Ubuntu 16.04 with the latest tomcat7 package (version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos which appears vulnerable still. The video poc can be found at: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html -- Regards, Dawid Golunski http://legalhackers.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ