Security News, Business News - Sep 25, 2017
Title: app-admin/logstash-bin root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin: versions 5.5.3 and 5.6.1, commits bbd6cb3 and 18f97c8SummaryThe Gentoo app-admin/logstash-bin package before version 5.5.3 allows its local unprivileged user to gain root by creating a hard link i...
Security News, Business News - Sep 21, 2017
Title: P3Scan privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe p3scan daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root process...
Security News, Business News - Sep 20, 2017
Title: Kannel privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Kannel daemons create their PID files after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root proc...
Security News, Business News - Sep 15, 2017
Title: Gentoo sci-mathematics/gimps root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo sci-mathematics/gimps package before 28.10-r1 allows local users to gain root privileges by creating a hard link under /var/lib/gimps, because an unsafe chown -R command is...
Security News, Business News - Sep 15, 2017
Title: Gentoo dev-python/flower privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo dev-python/flower package before 0.9.1 gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root proces...
Business News ( Hunt Valley, Maryland ) - Sep 14, 2017
The Baltimore Business Journal (BBJ) ranks Metro Data, Inc. as one of 2016's Top-50 "Veteran Owned Businesses" in the Baltimore region as published in the September 8-14, 2017 Newspaper.  About the Baltimore Business JournalThe Baltimore Business Journal, where you'll find the latest...
Security News, Business News - Sep 11, 2017
Title: Nagios core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin:SummaryNagios installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the same unprivileged user and group (typically, n...
Security News, Business News - Sep 05, 2017
Title: OpenLDAP privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe slapd daemon in all versions of OpenLDAP creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any ro...
Security News, Business News - Sep 01, 2017
Title: MIMEDefang privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Version 2.81SummaryMIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root processes, because the init sc...
Security News, Business News - Aug 23, 2017
Title: UnrealIRCd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryUnrealIRCd (all versions) creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any root script (for ex...

Pages

Under no circumstances should you send an email to ackbar@viabit.com .