search for: escalating

Displaying 20 results from an estimated 539 matches for "escalating".

2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 12:18 -0800, Gordon Messmer wrote: > I apologize if my intent was unclear. I was providing you with the text > that you should use in your bug report. I am not explaining the problem > to you, I am showing you a clear way to explain the problem in the bug > report. You should use the appropriate parts of the text I provided, > and basically nothing else.
2013 Dec 16
0
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor
2013 Dec 16
0
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the
2012 Jun 12
3
Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination
2017 Feb 02
0
Serious attack vector on pkcheck ignored by Red Hat
On 02/02/2017 12:37 PM, Leonard den Ottolander wrote: > So by continuing to have these memory leaks in the binary you are making > it easier for a malevolent local user to mount an attack that might > cause the "desired" privilege escalation. I'm really struggling to explain this more simply and clearly. Privilege escalation means that the attacker gains a privilege they
2014 Nov 21
0
AST-2014-018: AMI permission escalation through DB dialplan function
Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote
2014 Nov 21
0
AST-2014-018: AMI permission escalation through DB dialplan function
Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote
2014 Nov 21
0
AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font>
Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote
2014 Nov 21
0
AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font>
Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote
2020 Sep 23
2
[Bug 1467] New: [sets] support adaptive (escalating) rule(s)
https://bugzilla.netfilter.org/show_bug.cgi?id=1467 Bug ID: 1467 Summary: [sets] support adaptive (escalating) rule(s) Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: vtolkm at gmail...
2015 Feb 06
2
Another Fedora decision
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote: > On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote: > > Logically ? > > > > 1. to change the permissions on shadow from -rw-x------ or from > > ---------- to -rw-r--r-- requires root permissions ? > > > > 2. if so, then what is the advantage of changing those permissions
2008 Oct 14
5
dtrace_kernel and privilege escalation
hey.. I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation. How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users? Thanks much, Ed -- This message posted from
2009 Jul 16
1
[LLVMdev] [PATCH] bugpoint to escalate remote client return status 255
Hello everyone, The bugpoint is changed to escalate remote client return status 255 (per discussion - Re: [llvm-commits] [llvm] r75665 - /llvm/trunk/tools/bugpoint/ToolRunner.cpp) Please find the patch attached. -Viktor -------------- next part -------------- A non-text attachment was scrubbed... Name: ToolRunner.diff Type: application/octet-stream Size: 4710 bytes Desc: not available URL:
2006 Jun 14
1
Realtime queue_members and penalties nost escalating (clue anyone?)
Howdy, have working realtime queues using queue_members looking something like; queuea|Local/101@context|0 queuea|Local/102@context|1 queuea|Local/103@context|10 Regardless of what strategy is used in the queues (roundrobin,rrmemory,ringall etc) it wont escalate on NOANSWER Asterisk SVN-branch-1.2-r33841 Any clues are appreciated! /Danny
2012 May 31
1
Warning: Size of service_message struct (8376 bytes) is > POSIX-guaranteed atomic write size (512 bytes).
Hi, I am running Nagios on CentOS release 5.5 (Final). Any clue about the below warning? Please let me know if any one needs any additional information. /usr/sbin/nagios -v /etc/nagios/nagios.cfg Nagios 2.12 Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org) Last Modified: 05-19-2008 License: GPL Reading configuration data... Running pre-flight check on configuration data...
2008 Mar 06
1
Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix
2013 Jul 02
2
Possible Kernel user escalation issue for CentOS-6.4
The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224: http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/ Please see this upstream bug for details: https://bugzilla.redhat.com/show_bug.cgi?id=979936 ========================= Note: This kernel has been minimally tested and is provided as is for people who
2015 May 13
0
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive
xen-4.4.2-2, available from the virt6-testing repository, includes the fix for this issue. Note that Xen actually does attempt to disable the floppy disk for HVM domains by default, but due to a bug in qemu, the floppy disk only partially disabled; enough functionality to exploit this bug remains. This should be available from the normal xen4 repositories sometime this afternoon. -George
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8