News Items
Security News, Business News - Sep 01, 2017
Title: MIMEDefang privilege escalation via PID file manipulation
Author: Michael Orlitzky
Fixed in: Version 2.81
Summary: MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root processes, because the init sc...
Security News, Business News - Aug 23, 2017
Title: UnrealIRCd privilege escalation via PID file manipulation
Author: Michael Orlitzky
Fixed in:
Summary: UnrealIRCd (all versions) creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any root script (for ex...
Security News, Business News - Aug 14, 2017
Title: Nagios core privilege escalation via PID file manipulation
Author: Michael Orlitzky
Fixed in: commits 1b19734 and 3baffa7, version 4.3.3
Summary: Nagios 4.3.2 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root p...
Security News, Business News - Jul 30, 2017
Title: Tinyproxy privilege escalation via PID file manipulation
Author: Michael Orlitzky
Fixed in: commit 9acb0cb
Summary: The tinyproxy daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged use...
Security News, Business News - Jul 30, 2017
Title: Tenshi privilege escalation via PID file manipulation
Author: Michael Orlitzky
Fixed in: commits 46b0148 and d0e7f28, version 0.16
Summary: Tenshi 0.15 and earlier creates a tenshi.pid file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root pr...
Security News, Business News - Dec 30, 2016
Title: Nagios core incomplete fix for CVE-2016-8641
Author: Michael Orlitzky
Fixed in: commits ef69001, 553fc81, and 166dd3a
Summary: CVE-2016-8641 describes how the unprivileged Nagios user can become root using symlinks to fool the init script. An identical attack is still possible using hard links. Lear...