Re: sudo and UNIXes
On Mon, Oct 28, 2013 at 03:56:32PM +0200, Lars Noodén wrote:
> On 10/28/2013 03:47 PM, Reco wrote:
> > On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
> [snip]
> >> You also have to add to the picture such a vulnerability, and I haven't
> >> noticed any.
> >
> > If we're speaking of public vulnerabilities:
> >
> > CVE-2010-0427.
> > CVE-2013-1775 (allows bypass sudoers modification to retain root
> > privileges).
>
> CVE-2010-0427 may be the better example of the two, though it relies on
> a special configuration.
>
> CVE-2013-1775 is a rather contrived case and needs physical access. The
> general perception is that the game is over anyway when there is
> physical access.

Still, they are (hopefully fully fixed) vulnerabilities, and they allow
escalation to root, aren't they?

Reco