Back to search
CVE-2016-8657
Published: Jul 31, 2018
Modified: Aug 6, 2024
PUBLISHED
Description
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2017:0828
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0827
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1609
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657
x_refsource_CONFIRM
RHSA-2017:0826
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0829
vendor-advisory
x_refsource_REDHAT
96896
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now