all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Add to bookmarks
April 28, 2022, 1:07 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.


Description


Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able …

escalation location privilege privilege escalation vulnerable

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 week ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 week, 6 days ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 2 weeks ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 2 weeks, 6 days ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 1 week ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 2 weeks ago | kb.cert.org
app attacks bluetooth called +11
VU#446598: GPU kernel implementations susceptible to memory leak 3 months, 1 week ago | kb.cert.org
access amd apple attacker +18
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies 3 months, 1 week ago | kb.cert.org
attacker bypass can data +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Advisory Red Consultant

@ Security Risk Advisors | Philadelphia, Pennsylvania, United States
View on infosec-jobs.com

Cyber Business Transformation Change Analyst

@ National Grid | Warwick, GB, CV34 6DA
View on infosec-jobs.com

Cyber Security Analyst

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com

Associate Administrator, Cyber Security Governance (Fort Myers)

@ Millennium Physician Group | Fort Myers, FL, United States
View on infosec-jobs.com

Embedded GSOC Lead Operator, Events

@ Sibylline Ltd | Seattle, WA, United States
View on infosec-jobs.com
View more jobs