Tag: Privilege Escalation

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

SSD Advisory – 360 Total Security Privileged Escalation

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes an Privileged Escalation vulnerability found in 360 Total Security.

360 Total Security offers your PC complete protection from Viruses, Trojans and other emerging threats.

Whether you are shopping online, downloading files or chatting with your friends you can be sure that 360 Total Security is there to keep you safe and your computer optimized. Clean-up utility is just one click away to keep your PC in optimal condition.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability and has only provided these details in response to our query on the status: “We will release this patch on 7/7”

CVE: CVE-2017-12653

Continue reading SSD Advisory – 360 Total Security Privileged Escalation

SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Trend Micro Interscan Web Security Virtual Appliance version 6.5.

“The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads.”

The vulnerabilities found in Trend Micro Interscan Web Security Virtual Appliance:

  1. XML External Entity (XXE) that lead to arbitrary file disclosure
  2. Local Privilege Escalation
  3. Remote code execution

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Trend Micro has released patches to address these vulnerabilities and issued the following advisory: https://success.trendmicro.com/solution/1117412

Continue reading SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

SSD Advisory – Serviio Media Server Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes a five (5) vulnerabilities found in Serviio Media Server. Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1.

Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network.

Serviio works with many devices from your connected home (TV, Playstation 3, XBox 360, smart phones, tablets, etc.). It supports profiles for particular devices so that it can be tuned to maximise the device’s potential and/or minimize lack of media format playback support (via transcoding).

Serviio is based on Java technology and therefore runs on most platforms, including Windows, Mac and Linux (incl. embedded systems, e.g. NAS).

The vulnerabilities found in Serviio Media Server are:

  • Remote Code Execution
  • Local Privilege Escalation
  • Unauthenticated Password Modification
  • Information Disclosure
  • DOM-Based Cross-Site Scripting (XSS)

Credit
An independent security researcher Gjoko Krstic from Zero Science Lab has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
We have tried on numerous occasions over the past two months to contact the vendor, all emails sent to them went unanswered.

Continue reading SSD Advisory – Serviio Media Server Multiple Vulnerabilities

SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS.

Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone, the tablet and the PC to the server and the cloud. LightDM is an X display manager that aims to be lightweight, fast, extensible and multi-desktop. It uses various front-ends to draw login interfaces, also called Greeters.

Credit
An independent security researcher, G. Geshev (@munmap), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor Responses
The vendor has released a patch to address this issue.
For more information: https://www.ubuntu.com/usn/usn-3255-1/

CVE Details
CVE-2017-7358

Continue reading SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation