Security News, Business News - Sep 20, 2017
Title: Kannel privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Kannel daemons create their PID files after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root proc...
Security News, Business News - Sep 15, 2017
Title: Gentoo dev-python/flower privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo dev-python/flower package before 0.9.1 gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root proces...
Security News, Business News - Sep 15, 2017
Title: Gentoo sci-mathematics/gimps root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo sci-mathematics/gimps package before 28.10-r1 allows local users to gain root privileges by creating a hard link under /var/lib/gimps, because an unsafe chown -R command is...
Business News ( Hunt Valley, Maryland ) - Sep 14, 2017
The Baltimore Business Journal (BBJ) ranks Metro Data, Inc. as one of 2016's Top-50 "Veteran Owned Businesses" in the Baltimore region as published in the September 8-14, 2017 Newspaper.  About the Baltimore Business JournalThe Baltimore Business Journal, where you'll find the latest...
Security News, Business News - Sep 11, 2017
Title: Nagios core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin:SummaryNagios installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the same unprivileged user and group (typically, n...
Security News, Business News - Sep 05, 2017
Title: OpenLDAP privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe slapd daemon in all versions of OpenLDAP creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any ro...
Security News, Business News - Sep 01, 2017
Title: MIMEDefang privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Version 2.81SummaryMIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root processes, because the init sc...
Security News, Business News - Aug 23, 2017
Title: UnrealIRCd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryUnrealIRCd (all versions) creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any root script (for ex...
Security News, Business News - Aug 14, 2017
Title: Nagios core privilege escalation via PID file manipulation​Author: Michael OrlitzkyFixedin: commits 1b19734 and 3baffa7, version 4.3.3SummaryNagios 4.3.2 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root p...
Business News ( Baltimore, Maryland ) - Aug 03, 2017
 The staff of Metro Data, Inc. were excited to attend of launch of the Baltimore Cyber Range, and are proud to be members of their cybersec consortium.Maryland Governor Larry Hogan today joined Stephen Thomas, general manager of Cyberbit North America; Bruce Spector, CEO of Baltimore-based Elec...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .