From: | RB <aoz.syn@×××××.com> |
---|---|
To: | gentoo-hardened@l.g.o |
Subject: | [gentoo-hardened] New sudo format string vuln |
Date: | Tue, 31 Jan 2012 15:12:54 |
Message-Id: | CADkMHCnEvbdUzg2_qVmeUx_HFYy7mU=OX866rs_RU3UbWmY3Uw@mail.gmail.com |
1 | Not sure how much testing anyone else has done (and it warrants more |
2 | testing), but I just tested this on a rather out-of-date machine |
3 | running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force |
4 | prevention enabled, and not only was the vulnerability not successful, |
5 | I was locked out from all execution under my UID for 15 minutes - |
6 | couldn't even su over from root. Definite win for hardened! |
Subject | Author |
---|---|
Re: [gentoo-hardened] New sudo format string vuln | "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com> |