• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GRSecurity Elevated Service Privileges Weakness

The grsecurity patch may improperly allow services to run with elevated privileges. This issue is due to a failure of the kernel to properly drop administrative roles.

This issue may lead to a false sense of security by allowing network services that are intended to have limited privileges to have administrative privileges. The exact repercussions of this issue depend on the particular function of the services running with elevated privileges. Privileges granted to services depend on the configured administrative role.

Attackers may exploit latent vulnerabilities in network services, and compromise the underlying computer. This is due to the targeted service having elevated privileges that are not intended.