Security News, Business News - Feb 14, 2018
Title: opentmpfiles root privilege escalation via recursive chown
Author: Michael Orlitzky
Fixed in:
Summary: The opentmpfiles program implements the tmpfiles.d specification for POSIX systems that do not run systemd. When processing a Z type entry, opentmpfiles calls chown recursively to change ownership...
Security News, Business News - Jan 29, 2018
Title: systemd-tmpfiles root privilege escalation sans fs.protected_hardlinks
Author: Michael Orlitzky
Fixed in: commit 5579f85, version 237
Summary: Before version 237, the systemd-tmpfiles program will change the permissions and ownership of hard links. If the administrator disables the fs.protected_ha...
Security News, Business News - Jan 04, 2018
Title: GNU chown and chgrp privilege escalation via recursive dereferences
Author: Michael Orlitzky
Fixed in:
Summary: The chown program in GNU coreutils is vulnerable to a race condition when using the POSIX -R -L options to follow symlinks recursively. In the presence of symlinks, the recursive director...
Business News (Hunt Valley, Maryland) - Nov 30, 2017
Bert Orlitzky, President of Metro Data, Inc., was interviewed by reporter John Rydell of Fox45 TV, WBFF Baltimore and appeared on the evening newscast. The newscast topic covered the Anne Arundel County School system, which recently had their paychecks "hacked" by way of a sophisticated phishing...
Security News, Business News - Nov 23, 2017
Title: Icinga2 root privilege escalation via init script and systemd service
Author: Michael Orlitzky
Fixed in:
Summary: The icinga2 init script (etc/initsystem/icinga2.init.d.cmake) and systemd service file (etc/initsystem/icinga2.service.cmake) allow the unprivileged $ICINGA2_USER to gain root privilege...
Security News, Business News - Nov 18, 2017
Title: Icinga core root privilege escalation via insecure permissions
Author: Michael Orlitzky
Fixed in: commits ad2eb58 and 161c621, version 1.14.2
Summary: Icinga installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the sa...
Security News, Business News - Nov 15, 2017
Title: pnp4nagios root privilege escalation via insecure permissions
Author: Michael Orlitzky
Fixed in: Commit 23c123f
Summary: The pnp4nagios build system installs two sets of files with insecure permissions. After installation, the executables and the configuration files are all owned by the same unpriv...
Security News, Business News - Nov 07, 2017
Title: mail-filter/assp root privilege escalation by user-owned daemon
Author: Michael Orlitzky
Fixed in: none
Summary: All versions of the Gentoo mail-filter/assp package allow the local unprivileged assp user to gain root by modifying the /usr/share/assp/assp.pl script, which is launched as root by its...
Security News, Business News - Nov 06, 2017
Title: net-misc/vde root privilege escalation via OpenRC service script
Author: Michael Orlitzky
Fixed in: version 2.3.2-r4, commits 487449d and 26fdd48
Summary: The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the qemu group to gain root by creating a hard link in a directory...
Security News, Business News - Oct 27, 2017
Title: dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera root privilege escalation via chown in ebuild phase functions
Author: Michael Orlitzky
Fixed in: commits 5a4dfd9, 40984ff, and b19f619
Summary: Recent versions of dev-db/mariadb and all consumers of...
