[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo and UNIXes

On 2013-11-02, Cybe R. Wizard <cybe_r_wizard@earthlink.net> wrote:
>> http://www.sudo.ws/sudo/alerts/sudo_debug.html
>>  
>>  Impact: Successful exploitation of the bug will allow a user to run
>> arbitrary commands as root.
>> 
>>  Exploitation of the bug does not require that the attacker be listed
>> in the sudoers file. As such, we strongly suggest that affected sites
>> upgrade from affected sudo versions as soon as possible. 
>> 
> How valid is that considering that Wheezy is using sudo
> version 1.8.5p2-1+nmu1 ?  May I assume that there are still a lot of
> non-upgraded machines out there?  Maybe best advice would be to upgrade
> their whole Debian.

I thought we were talking about people running "unpatched" sudos in
distros where the program isn't included in the official repositories of
packages and therefore gets no security updates (or something)?
Reply to: