Reco <recovery...@gmail.com> writes: > Hi. > > On Sat, 2 Nov 2013 11:46:48 -0500 > "Cybe R. Wizard" <cybe_r_wiz...@earthlink.net> wrote: >> > How about this bug: >> > >> > http://www.sudo.ws/sudo/alerts/sudo_debug.html >> > >> > Impact: Successful exploitation of the bug will allow a user to run >> > arbitrary commands as root. >> > >> > Exploitation of the bug does not require that the attacker be listed >> > in the sudoers file. As such, we strongly suggest that affected sites >> > upgrade from affected sudo versions as soon as possible. >> > >> How valid is that considering that Wheezy is using sudo >> version 1.8.5p2-1+nmu1 ? > > Perfectly valid, considering that this part of thread is about using > sudo in the UNIX environment, not Linux one. > > >> May I assume that there are still a lot of non-upgraded machines out there? > > Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only > version built officially by IBM). Unless you build sudo from the source > - no upgrades for you. > Solaris 11.1 has sudo-1.8.6.7 out of the box.
Note that neither of these is subject to vulnerability in the bug report. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1br4axpaik....@snowball.wb.pfeifferfamily.net
