Archive for the ‘privilege escalation’ Category

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

December 6th, 2018
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines

Posted in Debian, linux, Linux Vulnerability, privilege escalation, Red Hat, Ubuntu, user privilege, Vulnerability | Comments (0)

New Privilege Escalation Flaw Affects Most Linux Distributions

October 26th, 2018
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an

Posted in CentOS, Debian, Fedora, Linux distribution, Linux server, Linux Vulnerability, OpenBSD, privilege escalation, Red Hat, Ubuntu | Comments (0)

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

July 12th, 2017

As part of this month’s Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007.

Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a

Posted in hacking news, Microsoft Windows, privilege escalation, RDP exploit, RDP server hacking, Vulnerability, windows hacking, windows Vulnerability, zero-day exploit | Comments (0)

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

June 20th, 2017

Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover.

Dubbed Stack Clash, the vulnerability (CVE-2017-1000364) has been discovered in the way memory was

Posted in freebsd, hacking news, Linux exploit, Linux Vulnerability, local root exploit, OpenBSD, privilege escalation, root exploit, solaris os, Vulnerability | Comments (0)

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

June 20th, 2017

Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover.

Dubbed Stack Clash, the vulnerability (CVE-2017-1000364) has been discovered in the way memory was

Posted in freebsd, hacking news, Linux exploit, Linux Vulnerability, local root exploit, OpenBSD, privilege escalation, root exploit, solaris os, Vulnerability | Comments (0)

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

June 20th, 2017

Update: Find working Exploits and Proof-of-Concepts at the bottom of this article.

Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover.

Dubbed Stack Clash

Posted in freebsd, hacking news, Linux exploit, Linux Vulnerability, local root exploit, OpenBSD, privilege escalation, root exploit, solaris os, Vulnerability | Comments (0)

11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

February 22nd, 2017

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.

Over a decade old Linux Kernel bug (CVE-2017-6074) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using

Posted in DCCP protocol, hacking news, Linux kernel, Linux kernel development, Linux kernel exploit, local root exploit, privilege escalation, Vulnerability | Comments (0)

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

November 3rd, 2016

Over a month ago we reported about two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit

Posted in hacking database, hacking mysql, hacking news, MariaDB, MySQL, PerconaDB, privilege escalation, Remote code execution vulnerability, server hacking, server security, Vulnerability | Comments (0)

Critical MySQL Vulnerabilities Can Lead to Server Compromise

November 2nd, 2016

Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise.

Posted in Dawid Golunski, Legal Hackers, MariaDB, MySQL, MySQL vulnerabilities, Percona Server, privilege escalation, race condition, Root privilege escalation, vulnerabilities, Web Security | Comments (0)

Critical MySQL Vulnerability Disclosed

September 12th, 2016

A researcher has disclosed some details and a limited proof-of-concept for a critical MySQL vulnerability. The flaw has been patched in MariaDB and PerconaDB.

Posted in Database Security, Dawid Golunski, Legal Hackers, MariaDB, MySQL, PerconaDB, privilege escalation, remote code execution, SQL injection, vulnerabilities, Web Security | Comments (0)