CVE-2004-1452 - Bipartite Pissed

Description

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat but executes the scripts with root privileges which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

Reference

http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml http://www.securityfocus.com/bid/10951 http://secunia.com/advisories/12296/ https://exchange.xforce.ibmcloud.com/vulnerabilities/16993