News Items
Business News, Security News - Jan 03, 2021
Title: penDKIM unsafe /tmp usageAuthor: Michael OrlitzkySummaryThe OpenDKIM test suite relies on a fixed path under the world-writable /tmp for its temporary keys. The dangers of this are well-known. An attacker can exploit the situation to overwrite files belonging to the user who runs th...
Business News, Security News - Nov 17, 2020
Title: opentmpfiles root privilege escalation by symlink attackAuthor: Michael OrlitzkySummaryThe opentmpfiles program implements the tmpfiles.d specification for POSIX systems that do not run systemd. When processing file and directory entries, opentmpfiles calls...
Security News, Business News - Nov 17, 2020
Title: OpenRC checkpath root privilege escalation through non-terminal symlinksAuthor: Michael OrlitzkySummaryOpenRC's checkpath can be tricked into following symlinks present in non-terminal path components. Since checkpath is run as root and is often used to adjust the ownershi...
Security News, Business News - Jan 21, 2020
Title: Portage insecure temporary locationAuthor: Michael OrlitzkyFixedin: commit ef8c21e5, version 2.3.94SummaryThe Gentoo portage package manager builds packages in a temporary location. By default, that temporary location is accessible to unprivileged users even though the build essentially takes...
Security News, Business News - Oct 09, 2019
Title: Nix per-user profile directory hijackAuthor: Michael OrlitzkyFixedin: Nix pull request 3136 and Nix version 2.3.2.SummaryOut of the box, Nix creates an empty, world-writable, per-user profile directory. After Nix is installed but before a victim has (re)logged in, the victim's personal profil...
Security News, Business News - Mar 26, 2019
Title: Gentoo app-backup/burp root privilege escalation via writable configAuthor: Michael OrlitzkyFixedin: Partially addressed in commits 25a4b59e and 5cd39164. Fully fixed in commits 4b3a76d6, 2faf0fcb, and version 2.1.32-r1.SummaryPrior to version 2.1.32-r1, the Gentoo app-backup/burp package giv...
Security News, Business News - Dec 21, 2018
Title: systemd-tmpfiles root privilege escalation by following non-terminal symlinksAuthor: Michael OrlitzkyFixedin: Version 240 Pull request 8358: Commit 774f79b5 Commit 56114d45 Commit 936f6bdb Commit caced732 Commit e04fc13f Pull request 8822: Commit 31c84ff1 Commit b206ac8e Commit 14f3480a Commi...
Security News, Business News - Jun 23, 2018
Title: Gentoo app-backup/burp privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits f9cf5c23, 88b7eff0, and 5cd39164SummaryThe Gentoo app-backup/burp package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime...
Security News - Apr 22, 2018
Title: MySQL/MariaDB privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Summary The mysqld daemon creates its PID file after dropping privileges to a non-root user typically named mysql. That may be exploited by the unprivileged user to kill root processes, since whe...
Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 root privilege escalation via user-owned executablesAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryAll versions of the Gentoo net-im/jabberd2 package allow the local unprivileged jabber user to gain root by modifying the /usr/bin/{jabberd,router,sm,c2s,s2s} exec...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .

Managed I.T. Services

The difference with our "Metro Manage I.T." model is that we proactively monitor your systems and keep them up-to-date and healthy.  

Read More

Hardware Sales & Support

Whether you're in need of computer support, networking monitoring, hardware or software, Metro Data is the one-stop solution for all of your business and corporate technology needs.

Read More

Email Hosting and Filtering

We offer filtering services to stop the constant flow of junk mail before it ever makes it into your inbox. Let Metro Data be your one stop shop for all your I.T. needs!

Read More

Partnerships
Dell Technologies - Authorize Partner
Linux
Lenovo Business Partner
Microsoft Partner
Cisco Systems Partner