Security News, Business News - Jan 04, 2018
Title: GNU chown and chgrp privilege escalation via recursive dereferencesAuthor: Michael OrlitzkyFixedin:SummaryThe chown program in GNU coreutils is vulnerable to a race condition when using the POSIX -R -L options to follow symlinks recursively. In the presence of symlinks, the recursive director...
Business News ( Hunt Valley, Maryland ) - Nov 30, 2017
 Bert Orlitzky, President of Metro Data, Inc. was interviewed by reporter John Rydell of Fox45 TV, WBFF Baltimore and appeared on the evening newscast.The newscast topic covered the Anne Arundel County School system, which recently had their paychecks "hacked" by way of a sophisticated phishing...
Security News, Business News - Nov 23, 2017
Title: Icinga2 root privilege escalation via init script and systemd serviceAuthor: Michael OrlitzkyFixedin:SummaryThe icinga2 init script (etc/initsystem/icinga2.init.d.cmake) and systemd service file (etc/initsystem/icinga2.service.cmake) allow the unprivileged $ICINGA2_USER to gain root privilege...
Security News, Business News - Nov 18, 2017
Title: Icinga core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin: commits ad2eb58 and 161c621, version 1.14.2SummaryIcinga installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the sa...
Security News, Business News - Nov 15, 2017
Title: pnp4nagios root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin: Commit 23c123fSummaryThe pnp4nagios build system installs two sets of files with insecure permissions. After installation, the executables and the configuration files are all owned by the same unpriv...
Security News, Business News - Nov 07, 2017
Title: mail-filter/assp root privilege escalation by user-owned daemonAuthor: Michael OrlitzkyFixedin: noneSummaryAll versions of the Gentoo mail-filter/assp package allow the local unprivileged assp user to gain root by modifying the /usr/share/assp/assp.pl script, which is launched as root by its...
Security News, Business News - Nov 06, 2017
Title: net-misc/vde root privilege escalation via OpenRC service scriptAuthor: Michael OrlitzkyFixedin: version 2.3.2-r4, commits 487449d and 26fdd48SummaryThe Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the qemu group to gain root by creating a hard link in a directory...
Security News, Business News - Oct 27, 2017
Title: dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera root privilege escalation via chown in ebuild phase functionsAuthor: Michael OrlitzkyFixedin: commits 5a4dfd9, 40984ff, and b19f619SummaryRecent versions of dev-db/mariadb and all consumers of...
Security News, Business News - Sep 25, 2017
Title: app-admin/logstash-bin root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin: versions 5.5.3 and 5.6.1, commits bbd6cb3 and 18f97c8SummaryThe Gentoo app-admin/logstash-bin package before version 5.5.3 allows its local unprivileged user to gain root by creating a hard link i...
Security News, Business News - Sep 21, 2017
Title: P3Scan privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe p3scan daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root process...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .