Fifth Anniversary

7 November 2019

I started this blog five years ago. In the beginning I wrote mostly articles about sysadmin and programming. Now its also filled with security related stuff. It’s fascinating for me to have a history of my interests. It’s sadly that my spare time got rare and so it happens that I don’t write much lately. My intention for the next 5 years is, to be more consequent with writing articles.

Read more..
CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus

4 October 2019


  • Identifier: AIT-SA-20190930-01
  • Target: GitLab Omnibus
  • Vendor: GitLab
  • Version: 7.4 through 12.2.1
  • Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
  • CVE: CVE-2019-15741
  • Accessibility: Local
  • Severity: Low
  • Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Vulnerability Description

GitLab Omnibus sets the ownership of the log directory to the system-user “git”, which might let local users obtain root access because of unsafe interaction with logrotate.

Read more..
Privilege escalation in groonga-httpd (CVE-2019-11675)

7 May 2019


  • System affected: Debian packages of groonga/-httpd 6.1.5-1
  • Software-Version: 6.1.5-1
  • User-Interaction: Not required
  • Impact: Local root
  • CVE: CVE-2019-11675
Read more..
Anatomy of a Linux container rootkit

7 May 2019

This year I gave a talk at the Easterhegg 2019 about a Linux kernel rootkit that can handle containers. I mainly presented my Bachelor work from 2017 with some improvements.

Read more..
Details of a logrotate race-condition

1 May 2019

Logrotate is prone to a race-condition on systems with a log directory that is in control of a low privileged user. A malicious user could trick logrotate to create files in any directory if it is executed as root. This might lead into a privileged escalation.

Read more..
Abusing a race condition in logrotate to elevate privileges

14 January 2019

Together with a friend we took part of the Capture The Flag at the 35C3. One challenge was that one:

Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. It also gives you a root shell.

Read more..
Merry Christmas

24 December 2018

I wish you a merry christmas and a happy new year.

Read more..
What the hack is "E-Brief"

8 December 2018

This week I received an email from my bank company. They advertised that they are cooperating with the “Post”(Austrian mailprovider) and recommended to use “E-Brief” for notifications from them. My first thought was: “it’s E-Mail”. Because E-Brief translated from german means: “E-Mail”. So I took a look in the FAQ’s from the Post and they wrote things like(translated from German):

Your E-“Letter Box” from everywhere

High security

Read more..
Fourth Anniversary

7 November 2018

This blog really became 4 years old. When I started to write it was mostly for practicing written english. But my intention was always to give something back to the open-source community. I failed terribly with the first point. My english is as bad as it was before, but I have readers and get responses to some articles. It seems that I didn’t failed with “giving something back to the open-source community”.

Thank you to all my readers.

Read more..
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti