Back to bug 1400343
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Bharti Kundal | 2016-11-30 23:16:31 UTC | Blocks | 1399004 | |
| Adam Mariš | 2016-12-01 08:53:16 UTC | Summary | jboss: jbossas writable config files allow privilege escalation | CVE-2016-8657 jboss: jbossas writable config files allow privilege escalation |
| | | Alias | CVE-2016-8657 | |
| Bharti Kundal | 2016-12-08 19:14:55 UTC | Depends On | 1402969 | |
| Bharti Kundal | 2016-12-08 19:15:01 UTC | Depends On | 1402970 | |
| Bharti Kundal | 2016-12-08 19:15:18 UTC | Depends On | 1402971 | |
| David Walluck | 2017-02-03 19:27:55 UTC | CC | bkundal, dwalluck | |
| | | Flags | needinfo?(bkundal) | |
| Jason T. Greene | 2017-02-03 22:39:12 UTC | CC | jason.greene | |
| Bharti Kundal | 2017-02-09 16:37:39 UTC | Flags | needinfo?(bkundal) | |
| Bharti Kundal | 2017-03-03 18:05:39 UTC | Doc Text | It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped or restarted. | |
| Bharti Kundal | 2017-03-03 18:49:25 UTC | Blocks | 1428993 | |
| Eric Christensen | 2017-03-06 16:01:44 UTC | Doc Text | It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped or restarted. | It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. |
| Bharti Kundal | 2017-07-31 07:16:29 UTC | CC | chazlett, dimitris, psotirop | |
| | | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jbossas=affected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jbossas=notaffected |
| Permaine Cheung | 2017-12-11 14:43:06 UTC | Status | NEW | ON_QA |
| | | CC | pcheung | |
| errata-xmlrpc | 2018-05-17 18:27:01 UTC | Link ID | Red Hat Product Errata RHSA-2018:1609 | |
| Pedro Sampaio | 2018-07-31 16:09:41 UTC | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jbossas=notaffected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-732,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jbossas=notaffected |
| PnT Account Manager | 2018-10-19 21:38:41 UTC | CC | bkundal | |
| Kunjan Rathod | 2019-06-25 01:25:05 UTC | CC | asoldano, brian.stansberry, iweiss, jkurik, jperkins, krathod, kwills, msochure, msvehla, nwallace, pmackay, rguimara, smaestri, tom.jenkinson | |
| | | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-732,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jbossas=notaffected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-732,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jboss=notaffected |
| Product Security DevOps Team | 2019-07-12 13:04:23 UTC | Status | ON_QA | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2019-07-12 13:04:23 UTC | |
| Product Security DevOps Team | 2019-09-29 14:01:53 UTC | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-732,eap-5/jbossas=affected,eap-6/jbossas=affected,eap-7/jboss=notaffected |