all InfoSec news
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
April 28, 2022, 1:07 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.
Description
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able …
escalation location privilege privilege escalation vulnerable
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2 weeks, 6 days ago |
kb.cert.org
VU#446598: GPU kernel implementations susceptible to memory leak
3 months, 1 week ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Advisory Red Consultant
@ Security Risk Advisors | Philadelphia, Pennsylvania, United States
Cyber Business Transformation Change Analyst
@ National Grid | Warwick, GB, CV34 6DA
Cyber Security Analyst
@ Ford Motor Company | Mexico City, MEX, Mexico
Associate Administrator, Cyber Security Governance (Fort Myers)
@ Millennium Physician Group | Fort Myers, FL, United States
Embedded GSOC Lead Operator, Events
@ Sibylline Ltd | Seattle, WA, United States