News Categories
News Items
Security News, Business News - Sep 21, 2017
Title: P3Scan privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe p3scan daemon creates its PID file after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root process...
Security News, Business News - Sep 20, 2017
Title: Kannel privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Kannel daemons create their PID files after dropping privileges to a non-root user. That may be exploited (through init scripts or other management tools) by the unprivileged user to kill root proc...
Security News, Business News - Sep 15, 2017
Title: Gentoo dev-python/flower privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo dev-python/flower package before 0.9.1 gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime user to kill root proces...
Security News, Business News - Sep 15, 2017
Title: Gentoo sci-mathematics/gimps root privilege escalation via init scriptAuthor: Michael OrlitzkyFixedin:SummaryThe Gentoo sci-mathematics/gimps package before 28.10-r1 allows local users to gain root privileges by creating a hard link under /var/lib/gimps, because an unsafe chown -R command is...
Business News ( Hunt Valley, Maryland ) - Sep 14, 2017
The Baltimore Business Journal (BBJ) ranks Metro Data, Inc. as one of 2016's Top-50 "Veteran Owned Businesses" in the Baltimore region as published in the September 8-14, 2017 Newspaper. About the Baltimore Business JournalThe Baltimore Business Journal, where you'll find the latest...
Security News, Business News - Sep 11, 2017
Title: Nagios core root privilege escalation via insecure permissionsAuthor: Michael OrlitzkyFixedin:SummaryNagios installs two sets of files with insecure permissions: after installation, the executables and the configuration files are all owned by the same unprivileged user and group (typically, n...
Security News, Business News - Sep 05, 2017
Title: OpenLDAP privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryThe slapd daemon in all versions of OpenLDAP creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any ro...
Security News, Business News - Sep 01, 2017
Title: MIMEDefang privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Version 2.81SummaryMIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root processes, because the init sc...
Security News, Business News - Aug 23, 2017
Title: UnrealIRCd privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin:SummaryUnrealIRCd (all versions) creates a PID file after dropping privileges to a non-root account. That may be exploitable by the non-root account to kill root processes, because any root script (for ex...
Security News, Business News - Aug 14, 2017
Title: Nagios core privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits 1b19734 and 3baffa7, version 4.3.3SummaryNagios 4.3.2 and earlier creates a PID file after dropping privileges to a non-root account. This is exploitable by that non-root account to kill root p...