Security News, Business News - Jan 21, 2020
Title: Portage insecure temporary locationAuthor: Michael OrlitzkyFixedin: commit ef8c21e5, version 2.3.94SummaryThe Gentoo portage package manager builds packages in a temporary location. By default, that temporary location is accessible to unprivileged users even though the build essentially takes...
Security News, Business News - Oct 09, 2019
Title: Nix per-user profile directory hijackAuthor: Michael OrlitzkyFixedin: Nix pull request 3136 and Nix version 2.3.2.SummaryOut of the box, Nix creates an empty, world-writable, per-user profile directory. After Nix is installed but before a victim has (re)logged in, the victim's personal profil...
Security News, Business News - Mar 26, 2019
Title: Gentoo app-backup/burp root privilege escalation via writable configAuthor: Michael OrlitzkyFixedin: Partially addressed in commits 25a4b59e and 5cd39164. Fully fixed in commits 4b3a76d6, 2faf0fcb, and version 2.1.32-r1.SummaryPrior to version 2.1.32-r1, the Gentoo app-backup/burp package giv...
Security News, Business News - Dec 21, 2018
Title: systemd-tmpfiles root privilege escalation by following non-terminal symlinksAuthor: Michael OrlitzkyFixedin: Version 240 Pull request 8358: Commit 774f79b5 Commit 56114d45 Commit 936f6bdb Commit caced732 Commit e04fc13f Pull request 8822: Commit 31c84ff1 Commit b206ac8e Commit 14f3480a Commi...
Security News, Business News - Jun 23, 2018
Title: Gentoo app-backup/burp privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits f9cf5c23, 88b7eff0, and 5cd39164SummaryThe Gentoo app-backup/burp package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime...
Security News - Apr 22, 2018
Title: MySQL/MariaDB privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Summary The mysqld daemon creates its PID file after dropping privileges to a non-root user typically named mysql. That may be exploited by the unprivileged user to kill root processes, since whe...
Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 root privilege escalation via user-owned executablesAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryAll versions of the Gentoo net-im/jabberd2 package allow the local unprivileged jabber user to gain root by modifying the /usr/bin/{jabberd,router,sm,c2s,s2s} exec...
Security News, Business News - Apr 15, 2018
Title: Icinga2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit c6b8668 , version 2.8.2SummaryThe icinga2 daemon creates its PID file after dropping privileges to a non-root user. That may be exploited by the unprivileged user to kill root processes, since when t...
Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryThe Gentoo net-im/jabberd2 package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root process...
Security News, Business News - Apr 15, 2018
Title: Gentoo app-admin/collectd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit 9a70b58, version 5.7.2-r1SummaryNote: the app-admin/collectd package has been renamed to app-metrics/collectd.Learn MoreComplete details here: http://michael.orlitzky.com/cves/cve-2...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .