Re: sudo and UNIXes
Hi.
On Sat, 2 Nov 2013 11:46:48 -0500
"Cybe R. Wizard" <cybe_r_wizard@earthlink.net> wrote:
> > How about this bug:
> >
> > http://www.sudo.ws/sudo/alerts/sudo_debug.html
> >
> > Impact: Successful exploitation of the bug will allow a user to run
> > arbitrary commands as root.
> >
> > Exploitation of the bug does not require that the attacker be listed
> > in the sudoers file. As such, we strongly suggest that affected sites
> > upgrade from affected sudo versions as soon as possible.
> >
> How valid is that considering that Wheezy is using sudo
> version 1.8.5p2-1+nmu1 ?
Perfectly valid, considering that this part of thread is about using
sudo in the UNIX environment, not Linux one.
> May I assume that there are still a lot of non-upgraded machines out there?
Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only
version built officially by IBM). Unless you build sudo from the source
- no upgrades for you.
Solaris 11.1 has sudo-1.8.6.7 out of the box.
> Maybe best advice would be to upgrade their whole Debian.
That's neat idea (I sure view transition from HP-UX to Debian as an
upgrade, same for AIX), but most of the time if people bought that
hardware - they intend to use it with stock OS, not Linux.
Reco
Reply to: