Apache Commons Daemon vulnerability

2011-12-1200:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.002

Percentile

57.8%

JSON

Releases

Ubuntu 11.10
Ubuntu 11.04

Packages

commons-daemon - wrapper to launch Java applications as daemons

Details

Wilfried Weissmann discovered that Apache Commons Daemon incorrectly
dropped capabilities after starting. A remote attacker could possibly use
this flaw to read certain files, bypassing the intended permissions.

OSVersionArchitecturePackageVersionFilename
Ubuntu11.10noarchlibcommons-daemon-java< 1.0.6-1ubuntu0.1UNKNOWN
Ubuntu11.10noarchjsvc< 1.0.6-1ubuntu0.1UNKNOWN
Ubuntu11.04noarchlibcommons-daemon-java< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu11.04noarchjsvc< 1.0.4-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	11.10	noarch	libcommons-daemon-java	< 1.0.6-1ubuntu0.1	UNKNOWN
Ubuntu	11.10	noarch	jsvc	< 1.0.6-1ubuntu0.1	UNKNOWN
Ubuntu	11.04	noarch	libcommons-daemon-java	< 1.0.4-1ubuntu0.1	UNKNOWN
Ubuntu	11.04	noarch	jsvc	< 1.0.4-1ubuntu0.1	UNKNOWN