search for: escalation

...tself is a very powerful attack vector. It will simplify any attack on any binary that is affected. Read the article and weep. (The ridiculous value of that kernel parameter is making matters even worse, but I understand I'll have to take up that issue elsewhere.) We do not need the privilege escalation in the binary. The vector will make any attack way easier, including a potential privilege escalation. So by continuing to have these memory leaks in the binary you are making it easier for a malevolent local user to mount an attack that might cause the "desired" privilege escalation. Bu...

Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known None...

Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known None...

On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize th...

Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination and traceability. Please update the packages and consider a security update for Squeeze. [1] http://lists.xen.org/archives/html/xen-devel/2012-06/msg00670.html -- System Information...

On 02/02/2017 12:37 PM, Leonard den Ottolander wrote: > So by continuing to have these memory leaks in the binary you are making > it easier for a malevolent local user to mount an attack that might > cause the "desired" privilege escalation. I'm really struggling to explain this more simply and clearly. Privilege escalation means that the attacker gains a privilege they do not start with. Right? Escalation means that you end with more than you started with. If a local user runs pkcheck in a manner that triggers the flaw, t...

Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor...

Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor...

Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor...

Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor...

https://bugzilla.netfilter.org/show_bug.cgi?id=1467 Bug ID: 1467 Summary: [sets] support adaptive (escalating) rule(s) Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

...s ? > > > > 2. if so, then what is the advantage of changing those permissions when > > the entity possessing root authority can already read shadow - that > > entity requires neither group nor user permissions to read shadow. > > The concept in play here is privilege escalation. > > An exploit may not give you all that root can do, but may be limited > to, say, tricking the system to change file permission. > From there an attacker could use that and other exploits to escalate privileges. How could file permission modification of /etc/shadow be used to &quot...

hey.. I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation. How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users? Thanks much, Ed -- This message posted from opensolaris.org

Hello everyone, The bugpoint is changed to escalate remote client return status 255 (per discussion - Re: [llvm-commits] [llvm] r75665 - /llvm/trunk/tools/bugpoint/ToolRunner.cpp) Please find the patch attached. -Viktor -------------- next part -------------- A non-text attachment was scrubbed... Name: ToolRunner.diff Type: application/octet-stream Size: 4710 bytes Desc: not available URL:

Howdy, have working realtime queues using queue_members looking something like; queuea|Local/101@context|0 queuea|Local/102@context|1 queuea|Local/103@context|10 Regardless of what strategy is used in the queues (roundrobin,rrmemory,ringall etc) it wont escalate on NOANSWER Asterisk SVN-branch-1.2-r33841 Any clues are appreciated! /Danny

...gled!* Checking services... Checked 341 services. Checking hosts... Checked 27 hosts. Checking host groups... Checked 13 host groups. Checking service groups... Checked 3 service groups. Checking contacts... Checked 27 contacts. Checking contact groups... Checked 10 contact groups. Checking service escalations... Checked 0 service escalations. Checking service dependencies... Checked 0 service dependencies. Checking host escalations... Checked 0 host escalations. Checking host dependencies... Checked 0 host dependencies. Checking commands... Checked 77 commands. Checking time periods... Checked 4 time p...

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

...ait for the official kernel. It is the standard CentOS kernel with one added patch ( https://bugzilla.redhat.com/attachment.cgi?id=767364) This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL:...

...s should be available from the normal xen4 repositories sometime this afternoon. -George ---------- Forwarded message ---------- From: Xen.org security team <security at xen.org> Date: Wed, May 13, 2015 at 12:16 PM Subject: [Xen-users] Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive To: xen-announce at lists.xen.org, xen-devel at lists.xen.org, xen-users at lists.xen.org, oss-security at lists.openwall.com Cc: "Xen.org security team" <security at xen.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Ad...

...configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication. Dovecot documentation does not advise against the use of passdb definitions which have the same driver and args settings. One such configuration would be where an administrator wishes to use the same pam configuration or passwd file...