Displaying 20 results from an estimated 539 matches for "escalating".
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 12:18 -0800, Gordon Messmer wrote:
> I apologize if my intent was unclear. I was providing you with the text
> that you should use in your bug report. I am not explaining the problem
> to you, I am showing you a clear way to explain the problem in the bug
> report. You should use the appropriate parts of the text I provided,
> and basically nothing else.
2013 Dec 16
0
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-007
Product: Asterisk
Summary: Asterisk Manager User Dialplan Permission Escalation
Nature of Advisory: Permission Escalation
Susceptibility: Remote Authenticated Sessions
Severity: Minor
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.
Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the
2012 Jun 12
3
Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen
Version: 4.1.2-2
Severity: critical
Tags: security
Justification: allows PV domains to escape into the dom0 context
Hi,
I realize you're most likely pretty well aware of that problem already, but
Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue
is tracked as CVE-2012-0217 and public as of today.
Therefore I am filing this bug for coordination
2017 Feb 02
0
Serious attack vector on pkcheck ignored by Red Hat
On 02/02/2017 12:37 PM, Leonard den Ottolander wrote:
> So by continuing to have these memory leaks in the binary you are making
> it easier for a malevolent local user to mount an attack that might
> cause the "desired" privilege escalation.
I'm really struggling to explain this more simply and clearly. Privilege
escalation means that the attacker gains a privilege they
2014 Nov 21
0
AST-2014-018: AMI permission escalation through DB dialplan function
Asterisk Project Security Advisory - AST-2014-018
Product: Asterisk
Summary: AMI permission escalation through DB dialplan function
Nature of Advisory: Permission Escalation
Susceptibility: Remote
2014 Nov 21
0
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
Asterisk Project Security Advisory - AST-2014-017
Product: Asterisk
Summary: Permission escalation through ConfBridge actions/dialplan functions
Nature of Advisory: Permission Escalation
Susceptibility: Remote
2020 Sep 23
2
[Bug 1467] New: [sets] support adaptive (escalating) rule(s)
https://bugzilla.netfilter.org/show_bug.cgi?id=1467
Bug ID: 1467
Summary: [sets] support adaptive (escalating) rule(s)
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: vtolkm at gmail...
2015 Feb 06
2
Another Fedora decision
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x------ or from
> > ---------- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advantage of changing those permissions
2008 Oct 14
5
dtrace_kernel and privilege escalation
hey..
I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation.
How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users?
Thanks much,
Ed
2009 Jul 16
1
[LLVMdev] [PATCH] bugpoint to escalate remote client return status 255
Hello everyone,
The bugpoint is changed to escalate remote client return status 255 (per
discussion - Re: [llvm-commits] [llvm] r75665 -
/llvm/trunk/tools/bugpoint/ToolRunner.cpp)
Please find the patch attached.
-Viktor
2006 Jun 14
1
Realtime queue_members and penalties not escalating (clue anyone?)
Howdy,
have working realtime queues using queue_members looking something like;
queuea|Local/101@context|0
queuea|Local/102@context|1
queuea|Local/103@context|10
Regardless of what strategy is used in the queues
(roundrobin,rrmemory,ringall etc) it won't escalate on NOANSWER
Asterisk SVN-branch-1.2-r33841
Any clues are appreciated!
/Danny
2012 May 31
1
Warning: Size of service_message struct (8376 bytes) is > POSIX-guaranteed atomic write size (512 bytes).
Hi,
I am running Nagios on CentOS release 5.5 (Final). Any clue about the below
warning? Please let me know if any one needs any additional information.
/usr/sbin/nagios -v /etc/nagios/nagios.cfg
Nagios 2.12
Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org)
Last Modified: 05-19-2008
License: GPL
Reading configuration data...
Running pre-flight check on configuration data...
2008 Mar 06
1
Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.
CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.
If you fix
2013 Jul 02
2
Possible Kernel user escalation issue for CentOS-6.4
The following kernel has been built while waiting for upstream to
release a new kernel that addresses CVE-2013-2224:
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
Please see this upstream bug for details:
https://bugzilla.redhat.com/show_bug.cgi?id=979936
=========================
Note: This kernel has been minimally tested and is provided as is for
people who
2015 May 13
0
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive
xen-4.4.2-2, available from the virt6-testing repository, includes the
fix for this issue.
Note that Xen actually does attempt to disable the floppy disk for HVM
domains by default, but due to a bug in qemu, the floppy disk is only
partially disabled; enough functionality to exploit this bug remains.
This should be available from the normal xen4 repositories sometime
this afternoon.
-George
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8