On Jan 30, 2015 12:53 PM, "Andrew Savchenko" <birc...@gentoo.org> wrote: > > On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote:
> > or buy some freak of nature can exploit the vulnerability in other ways? > > Considering how old one's setup should be to be affected to this > issue, it is likely that such systems have another vulnerabilities, > allowing attacker to gain root privileges even if exim itself is > being run as a non-root user. > Well, it's only a few days old on most distros. It's about a year old on Gentoo. I think most of us run multiple boxes with some !gentoo. So most of us had at least one box that was potentially vulnerable. Exim being the only service proven vulnerable so far, it's possible you're otherwise fine. OTOH, how would you like to find out a service you use is vulnerable to an old bug? Especially one you had plenty of time to fix? Again Gentoo has been fine unless for a while you stuck with an old version for some reason. Most everything else...
