  • Patch Lady – 31 days of Paranoia – Day 18

    Posted on Susan Bradley Comment on the AskWoody Lounge


    This topic contains 6 replies, has 3 voices, and was last updated by  rc primak 4 weeks ago.

    • #225584 Reply

      Susan Bradley
      AskWoody MVP

      Today we’re taking a break from our normal paranoia to discuss a recent vulnerability.  The headlines imply that a guest user can gain admin rights vi
      [See the full post at: Patch Lady – 31 days of Paranoia – Day 18]

      Susan Bradley Patch Lady

      7 users thanked author for this post.
    • #225601 Reply

      anonymous

      Well yes, RID hijacking is a privilege escalation attack, where a non-admin can gain admin rights. That is indeed quite different from being authenticated straight to admin.

      However, lots of organizations have users with access levels other than “none” and “admin”, and that’s where RID hijacking becomes a problem.

    • #225665 Reply

      rc primak
      AskWoody MVP

      Libssh sounds like Linux terminology to me. Is this a Linux vulnerability, a Windows vulnerability, or both?

      -- rc primak

      • #225687 Reply

        anonymous

        If the defective libssh is used in a Linux server role, yes. I do not know if Microsoft used any of the libssh code.

      • #225688 Reply

        anonymous

        There might exist Windows programs which are using the indicated defective libssh.

    • #225698 Reply

      anonymous

      The libssh, while disturbing, isn’t quite as bad as it appears at first glance.

      Sites like GitHub were not vulnerable because they didn’t use the affected libraries.  Distros which use libssh2, such as RHEL6 and RHEL7, are not affected.

      Should you check your systems?  Absolutely, and patch them if you happen to be running a vulnerable version.
