News Items
Security News, Business News - Sep 01, 2017
Title: MIMEDefang privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Version 2.81SummaryMIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root processes, because the init sc...
Security News, Business News - Aug 23, 2017
Title: UnrealIRCd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryUnrealIRCd (all versions) creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any root script (for ex...
Security News, Business News - Aug 14, 2017
Title: Nagios core privilege escalation via PID file manipulation​Author: Michael OrlitzkyFixedin: commits 1b19734 and 3baffa7, version 4.3.3SummaryNagios 4.3.2 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root p...
Security News, Business News - Jul 30, 2017
Title: Tinyproxy privilege escalation via PID file manipulation​Author: Michael OrlitzkyFixedin: commit 9acb0cbSummaryThe tinyproxy daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged use...
Security News, Business News - Jul 30, 2017
Title: Tenshi privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits 46b0148 and d0e7f28, version 0.16SummaryTenshi 0.15 and earlier creates a tenshi.pid file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root pr...
Security News, Business News - Dec 30, 2016
Title: Nagios core incomplete fix for CVE-2016-8641Author: Michael OrlitzkyFixedin: commits ef69001, 553fc81, and 166dd3aSummaryCVE-2016-8641 describes how the unprivileged Nagios user can become root using symlinks to fool the init script. An identical attack is still possible using hard links.Lear...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .

Managed I.T. Services

The difference with our "Metro Manage I.T." model is that we proactively monitor your systems and keep them up-to-date and healthy.  

Read More

Hardware Sales & Support

Whether you're in need of computer support, networking monitoring, hardware or software, Metro Data is the one-stop solution for all of your business and corporate technology needs.

Read More

Email Hosting and Filtering

We offer filtering services to stop the constant flow of junk mail before it ever makes it into your inbox. Let Metro Data be your one stop shop for all your I.T. needs!

Read More

Partnerships
Intel Gold Partner
Dell Technologies - Authorize Partner
Linux
Lenovo Business Partner
Microsoft Partner
Cisco Systems Partner