You are here

Home
News Items

Exploits Discovered - Published CVE-2017-18226

Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryThe Gentoo net-im/jabberd2 package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root process...
Read More...

Exploits Discovered - Published CVE-2017-18240

Security News, Business News - Apr 15, 2018
Title: Gentoo app-admin/collectd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit 9a70b58, version 5.7.2-r1SummaryNote: the app-admin/collectd package has been renamed to app-metrics/collectd.Learn MoreComplete details here: http://michael.orlitzky.com/cves/cve-2...
Read More...

Exploits Discovered - Published CVE-2017-18225

Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 root privilege escalation via user-owned executablesAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryAll versions of the Gentoo net-im/jabberd2 package allow the local unprivileged jabber user to gain root by modifying the /usr/bin/{jabberd,router,sm,c2s,s2s} exec...
Read More...

Exploits Discovered - Published CVE-2018-6536

Security News, Business News - Apr 15, 2018
Title: Icinga2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit c6b8668 , version 2.8.2SummaryThe icinga2 daemon creates its PID file after dropping privileges to a non-root user. That may be exploited by the unprivileged user to kill root processes, since when t...
Read More...

Exploits Discovered - Published CVE-2017-18188

Security News, Business News - Feb 14, 2018
Title: opentmpfiles root privilege escalation via recursive chownAuthor: Michael OrlitzkyFixedin:SummaryThe opentmpfiles program implements the tmpfiles.d specification for POSIX systems that do not run systemd. When processing a Z type entry, opentmpfiles calls chown recursively to change ownership...
Read More...

Exploits Discovered - Published CVE-2017-18078

Security News, Business News - Jan 29, 2018
Title: systemd-tmpfiles root privilege escalation sans fs.protected_hardlinksAuthor: Michael OrlitzkyFixedin: commit 5579f85 , version 237SummaryBefore version 237, the systemd-tmpfiles program will change the permissions and ownership of hard links. If the administrator disables the fs.protected_ha...
Read More...

Exploits Discovered - Published CVE-2017-18018

Security News, Business News - Jan 04, 2018
Title: GNU chown and chgrp privilege escalation via recursive dereferencesAuthor: Michael OrlitzkyFixedin:SummaryThe chown program in GNU coreutils is vulnerable to a race condition when using the POSIX -R -L options to follow symlinks recursively. In the presence of symlinks, the recursive director...
Read More...

Exploits Discovered - Published CVE-2017-16933

Security News, Business News - Nov 23, 2017
Title: Icinga2 root privilege escalation via init script and systemd serviceAuthor: Michael OrlitzkyFixedin:SummaryThe icinga2 init script (etc/initsystem/icinga2.init.d.cmake) and systemd service file (etc/initsystem/icinga2.service.cmake) allow the unprivileged $ICINGA2_USER to gain root privilege...
Read More...

Exploits Discovered - Published CVE-2017-16882

Security News, Business News - Nov 18, 2017
Title: Icinga core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin: commits ad2eb58 and 161c621, version 1.14.2SummaryIcinga installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the sa...
Read More...

Exploits Discovered - Published CVE-2017-16834

Security News, Business News - Nov 15, 2017
Title: pnp4nagios root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin: Commit 23c123fSummaryThe pnp4nagios build system installs two sets of files with insecure permissions. After installation, the executables and the configuration files are all owned by the same unpriv...
Read More...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .

Managed I.T. Services

The difference with our "Metro Manage I.T." model is that we proactively monitor your systems and keep them up-to-date and healthy.  

Read More

Hardware Sales & Support

Whether you're in need of computer support, networking monitoring, hardware or software, Metro Data is the one-stop solution for all of your business and corporate technology needs.

Read More

Email Hosting and Filtering

We offer filtering services to stop the constant flow of junk mail before it ever makes it into your inbox. Let Metro Data be your one stop shop for all your I.T. needs!

Read More

Partnerships
Intel Gold Partner
Dell Technologies - Authorize Partner
Linux
Lenovo Business Partner
Microsoft Partner
Cisco Systems Partner