Security News, Business News - Jun 23, 2018
Title: Gentoo app-backup/burp privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits f9cf5c23, 88b7eff0, and 5cd39164SummaryThe Gentoo app-backup/burp package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime...
Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryThe Gentoo net-im/jabberd2 package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root process...
Security News, Business News - Apr 15, 2018
Title: Icinga2 privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit c6b8668 , version 2.8.2SummaryThe icinga2 daemon creates its PID file after dropping privileges to a non-root user. That may be exploited by the unprivileged user to kill root processes, since when t...
Security News, Business News - Apr 15, 2018
Title: Gentoo net-im/jabberd2 root privilege escalation via user-owned executablesAuthor: Michael OrlitzkyFixedin: commit b50a3068SummaryAll versions of the Gentoo net-im/jabberd2 package allow the local unprivileged jabber user to gain root by modifying the /usr/bin/{jabberd,router,sm,c2s,s2s} exec...
Security News, Business News - Apr 15, 2018
Title: Gentoo app-admin/collectd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commit 9a70b58, version 5.7.2-r1SummaryNote: the app-admin/collectd package has been renamed to app-metrics/collectd.Learn MoreComplete details here: http://michael.orlitzky.com/cves/cve-2...
Business News ( Hunt Valley, Maryland ) - Mar 22, 2018
Metro Data, Inc. would like to thank the Baltimore Business Journal, and Ms. Maria Sieron, Research Director for featuring us and our Data Incident Response Team (D.I.R.T.) in the March 22, 2018 cybersecurity issue of the Journal.  The following is an excerpt from the article:By Maria Sieron –...
Business News ( Hunt Valley, Maryland ) - Feb 26, 2018
We are pleased to announce that we have received notification from Dell EMC's President of Global Channels, OEM Solutions & IoT -  that Metro Data, Inc. is now formally a Dell EMC Authorized Reseller and Partner. As customers embrace digital transformation, they look for partners who f...
Business News ( Hunt Valley, Maryland ) - Feb 20, 2018
February 20, 2018 - Metro Data, Inc. Recognized for Excellence in Managed IT ServicesMetro Data, Inc. received the following announcement from CRN.com: "On behalf of The Channel Company and CRN, I would like to congratulate you on Metro Data, Inc.’s placement on the Pioneer 250 of CRN’s 2018 Ma...
Security News, Business News - Feb 14, 2018
Title: opentmpfiles root privilege escalation via recursive chownAuthor: Michael OrlitzkyFixedin:SummaryThe opentmpfiles program implements the tmpfiles.d specification for POSIX systems that do not run systemd. When processing a Z type entry, opentmpfiles calls chown recursively to change ownership...
Security News, Business News - Jan 29, 2018
Title: systemd-tmpfiles root privilege escalation sans fs.protected_hardlinksAuthor: Michael OrlitzkyFixedin: commit 5579f85 , version 237SummaryBefore version 237, the systemd-tmpfiles program will change the permissions and ownership of hard links. If the administrator disables the fs.protected_ha...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .