Archives
Archives
| From: | RB <aoz.syn@×××××.com> |
|---|---|
| To: | gentoo-hardened@l.g.o |
| Subject: | [gentoo-hardened] New sudo format string vuln |
| Date: | Tue, 31 Jan 2012 15:12:54 |
| Message-Id: | CADkMHCnEvbdUzg2_qVmeUx_HFYy7mU=OX866rs_RU3UbWmY3Uw@mail.gmail.com |
| 1 | Not sure how much testing anyone else has done (and it warrants more |
| 2 | testing), but I just tested this on a rather out-of-date machine |
| 3 | running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force |
| 4 | prevention enabled, and not only was the vulnerability not successful, |
| 5 | I was locked out from all execution under my UID for 15 minutes - |
| 6 | couldn't even su over from root. Definite win for hardened! |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] New sudo format string vuln | "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com> |