Re: sudo and UNIXes
On 10/28/2013 03:47 PM, Reco wrote:
> On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
[snip]
>> You also have to add to the picture such a vulnerability, and I haven't
>> noticed any.
>
> If we're speaking of public vulnerabilities:
>
> CVE-2010-0427.
> CVE-2013-1775 (allows bypass sudoders modification to retain root
> privileges).
CVE-2010-0427 may be the better example of the two, though it relies on
a special configuration.
CVE-2013-1775 is a rather contrived case and needs physical access. The
general perception is that the game is over anyway when there is
physical access.
/Lars
Reply to: