[PLUG] text editor priv escalation

jeff on 15 Mar 2018 06:53:38 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] text editor priv escalation

From: jeff <jeffv@op.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] text editor priv escalation
Date: Thu, 15 Mar 2018 09:53:32 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

https://www.securityweek.com/hackers-can-abuse-text-editors-privilege-escalation

For an attack to work, the attacker needs to somehow hijack a legitimateuser account that has regular privileges, which can be achieved throughphishing, social engineering and other methods. In the case of amalicious insider, the vulnerability found by SafeBreach can be usefulfor executing code with elevated privileges if their permissions havebeen restricted by the system administrator to certain files and commands.




Remember: vim has been outlawed under the Geneva Convention as torture.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] text editor priv escalation
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] text editor priv escalation
  - From: Walt Mankowski <waltman@pobox.com>

Prev by Date: Re: [PLUG] Ready Player One: A Novel (and about to be a movie)
Next by Date: Re: [PLUG] text editor priv escalation
Previous by thread: Re: [PLUG] AWS Scripting using awscli and bash
Next by thread: Re: [PLUG] text editor priv escalation
Index(es):
- Date
- Thread