SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS.

Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone, the tablet and the PC to the server and the cloud. LightDM is an X display manager that aims to be lightweight, fast, extensible and multi-desktop. It uses various front-ends to draw login interfaces, also called Greeters.

Credit
An independent security researcher, G. Geshev (@munmap), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
The vendor has released a patch to address this issue.
For more information: https://www.ubuntu.com/usn/usn-3255-1/

CVE Details
CVE-2017-7358

SSD Advisory – Sentora Web Hosting Control Panel Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Sentora Web Hosting Control Panel that lead to remote code execution.

Sentora is a free to download and use web hosting control panel developed for Linux, UNIX and BSD based servers or computers. The Sentora software can turn a domestic or commercial server into a fully fledged, easy to use and manage web hosting server.

The vulnerabilities found in Sentora Web Hosting Control Panel are:

  • Authenticated Code Execution
  • Privilege Escalation

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
The vendor has released a new version of the product which addresses the vulnerabilities.

SSD Advisory – NCurses 5.9 Local Privilege Escalation

Vulnerability Summary
The following advisory describes a local privilege escalation vulnerability in NCurses, version 5.9.

Credit
An independent security researcher, Dawid Golunski (https://legalhackers.com/), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
NCurses has released a patch to address the vulnerability.

Thomas Dickey has also added the following statement “I don’t know of any actual packages which have traces enabled by default”.
