You are here

Home
News Items

Exploits Discovered - Published CVE-2017-16659

Security News, Business News - Nov 07, 2017
Title: mail-filter/assp root privilege escalation by user-owned daemonAuthor: Michael OrlitzkyFixedin: noneSummaryAll versions of the Gentoo mail-filter/assp package allow the local unprivileged assp user to gain root by modifying the /usr/share/assp/assp.pl script, which is launched as root by its...
Read More...

Exploits Discovered - Published CVE-2017-16638

Security News, Business News - Nov 06, 2017
Title: net-misc/vde root privilege escalation via OpenRC service scriptAuthor: Michael OrlitzkyFixedin: version 2.3.2-r4, commits 487449d and 26fdd48SummaryThe Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the qemu group to gain root by creating a hard link in a directory...
Read More...

Exploits Discovered - Published CVE-2017-15945

Security News, Business News - Oct 27, 2017
Title: dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera root privilege escalation via chown in ebuild phase functionsAuthor: Michael OrlitzkyFixedin: commits 5a4dfd9, 40984ff, and b19f619SummaryRecent versions of dev-db/mariadb and all consumers of...
Read More...

Exploits Discovered - Published CVE-2017-14730

Security News, Business News - Sep 25, 2017
Title: app-admin/logstash-bin root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin: versions 5.5.3 and 5.6.1, commits bbd6cb3 and 18f97c8SummaryThe Gentoo app-admin/logstash-bin package before version 5.5.3 allows its local unprivileged user to gain root by creating a hard link i...
Read More...

Exploits Discovered - Published CVE-2017-14681

Security News, Business News - Sep 21, 2017
Title: P3Scan privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe p3scan daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root process...
Read More...

Exploits Discovered - Published CVE-2017-14609

Security News, Business News - Sep 20, 2017
Title: Kannel privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Kannel daemons create their PID files after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root proc...
Read More...

Exploits Discovered - Published CVE-2017-14483

Security News, Business News - Sep 15, 2017
Title: Gentoo dev-python/flower privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo dev-python/flower package before 0.9.1 gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root proces...
Read More...

Exploits Discovered - Published CVE-2017-14484

Security News, Business News - Sep 15, 2017
Title: Gentoo sci-mathematics/gimps root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo sci-mathematics/gimps package before 28.10-r1 allows local users to gain root privileges by creating a hard link under /var/lib/gimps, because an unsafe chown -R command is...
Read More...

Exploits Discovered - Published CVE-2017-14312

Security News, Business News - Sep 11, 2017
Title: Nagios core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin:SummaryNagios installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the same unprivileged user and group (typically, n...
Read More...

Exploits Discovered - Published CVE-2017-14159

Security News, Business News - Sep 05, 2017
Title: OpenLDAP privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe slapd daemon in all versions of OpenLDAP creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any ro...
Read More...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .

Managed I.T. Services

The difference with our "Metro Manage I.T." model is that we proactively monitor your systems and keep them up-to-date and healthy.  

Read More

Hardware Sales & Support

Whether you're in need of computer support, networking monitoring, hardware or software, Metro Data is the one-stop solution for all of your business and corporate technology needs.

Read More

Email Hosting and Filtering

We offer filtering services to stop the constant flow of junk mail before it ever makes it into your inbox. Let Metro Data be your one stop shop for all your I.T. needs!

Read More

Partnerships
Intel Gold Partner
Dell Technologies - Authorize Partner
Linux
Lenovo Business Partner
Microsoft Partner
Cisco Systems Partner