
Re: sudo and UNIXes



 Hi.

On Sat, 2 Nov 2013 11:46:48 -0500
"Cybe R. Wizard" <cybe_r_wizard@earthlink.net> wrote:
> > How about this bug:
> > 
> > http://www.sudo.ws/sudo/alerts/sudo_debug.html
> >  
> >  Impact: Successful exploitation of the bug will allow a user to run
> > arbitrary commands as root.
> > 
> >  Exploitation of the bug does not require that the attacker be listed
> > in the sudoers file. As such, we strongly suggest that affected sites
> > upgrade from affected sudo versions as soon as possible. 
> > 
> How valid is that considering that Wheezy is using sudo
> version 1.8.5p2-1+nmu1 ?

Perfectly valid, considering that this part of the thread is about using
sudo in the UNIX environment, not a Linux one.


> May I assume that there are still a lot of non-upgraded machines out there?

Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only
version built officially by IBM). Unless you build sudo from the source
- no upgrades for you.
Solaris 11.1 has sudo-1.8.6.7 out of the box.


> Maybe best advice would be to upgrade their whole Debian.

That's a neat idea (I sure view the transition from HP-UX to Debian as an
upgrade, same for AIX), but most of the time if people bought that
hardware - they intend to use it with the stock OS, not Linux.

Reco

