News Categories
News Items
Security News, Business News ( Hunt Valley, Maryland ) - Sep 09, 2022
September, 9, 2022 Michael Orlitzky discovers another Critical Vulnerability, Publishes CVE-2022-40299Product - Singular, Versions affected - 4.3.0 and earlierFixed in commits 72df188 and 5f28fbf0, version 4.3.1Bug report https://github.com/Singular/Singular/issues/1137MITRE - https://cve.mitre...
Business News, Security News - Jan 03, 2021
Title: penDKIM unsafe /tmp usageAuthor: Michael OrlitzkySummaryThe OpenDKIM test suite relies on a fixed path under the world-writable /tmp for its temporary keys. The dangers of this are well-known. An attacker can exploit the situation to overwrite files belonging to the user who runs th...
Business News, Security News - Nov 17, 2020
Title: opentmpfiles root privilege escalation by symlink attackAuthor: Michael OrlitzkySummaryThe opentmpfiles program implements the tmpfiles.d specification for POSIX systems that do not run systemd. When processing file and directory entries, opentmpfiles calls...
Security News, Business News - Nov 17, 2020
Title: OpenRC checkpath root privilege escalation through non-terminal symlinksAuthor: Michael OrlitzkySummaryOpenRC's checkpath can be tricked into following symlinks present in non-terminal path components. Since checkpath is run as root and is often used to adjust the ownershi...
Security News, Business News - Jan 21, 2020
Title: Portage insecure temporary locationAuthor: Michael OrlitzkyFixedin: commit ef8c21e5, version 2.3.94SummaryThe Gentoo portage package manager builds packages in a temporary location. By default, that temporary location is accessible to unprivileged users even though the build essentially takes...
Security News, Business News - Oct 09, 2019
Title: Nix per-user profile directory hijackAuthor: Michael OrlitzkyFixedin: Nix pull request 3136 and Nix version 2.3.2.SummaryOut of the box, Nix creates an empty, world-writable, per-user profile directory. After Nix is installed but before a victim has (re)logged in, the victim's personal profil...
Security News, Business News - Mar 26, 2019
Title: Gentoo app-backup/burp root privilege escalation via writable configAuthor: Michael OrlitzkyFixedin: Partially addressed in commits 25a4b59e and 5cd39164. Fully fixed in commits 4b3a76d6, 2faf0fcb, and version 2.1.32-r1.SummaryPrior to version 2.1.32-r1, the Gentoo app-backup/burp package giv...
Security News, Business News - Dec 21, 2018
Title: systemd-tmpfiles root privilege escalation by following non-terminal symlinksAuthor: Michael OrlitzkyFixedin: Version 240 Pull request 8358: Commit 774f79b5 Commit 56114d45 Commit 936f6bdb Commit caced732 Commit e04fc13f Pull request 8822: Commit 31c84ff1 Commit b206ac8e Commit 14f3480a Commi...
Security News, Business News - Jun 23, 2018
Title: Gentoo app-backup/burp privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: commits f9cf5c23, 88b7eff0, and 5cd39164SummaryThe Gentoo app-backup/burp package gives ownership of its PID file directory to the daemon's runtime user. That can be exploited by the runtime...
Security News - Apr 22, 2018
Title: MySQL/MariaDB privilege escalation via PID file manipulationAuthor: Michael OrlitzkyFixedin: Summary The mysqld daemon creates its PID file after dropping privileges to a non-root user typically named mysql. That may be exploited by the unprivileged user to kill root processes, since whe...