Hi. On Sat, 2 Nov 2013 11:46:48 -0500 "Cybe R. Wizard" <cybe_r_wiz...@earthlink.net> wrote: > > How about this bug: > > > > http://www.sudo.ws/sudo/alerts/sudo_debug.html > > > > Impact: Successful exploitation of the bug will allow a user to run > > arbitrary commands as root. > > > > Exploitation of the bug does not require that the attacker be listed > > in the sudoers file. As such, we strongly suggest that affected sites > > upgrade from affected sudo versions as soon as possible. > > > How valid is that considering that Wheezy is using sudo > version 1.8.5p2-1+nmu1 ?
Perfectly valid, considering that this part of thread is about using sudo in the UNIX environment, not Linux one. > May I assume that there are still a lot of non-upgraded machines out there? Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only version built officially by IBM). Unless you build sudo from the source - no upgrades for you. Solaris 11.1 has sudo-1.8.6.7 out of the box. > Maybe best advice would be to upgrade their whole Debian. That's neat idea (I sure view transition from HP-UX to Debian as an upgrade, same for AIX), but most of the time if people bought that hardware - they intend to use it with stock OS, not Linux. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131102220500.049af9c284e6295963b50...@gmail.com