| 1 |
On Jan 30, 2015 12:53 PM, "Andrew Savchenko" <bircoph@g.o> wrote: |
| 2 |
> |
| 3 |
> On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote: |
| 4 |
|
| 5 |
> > or buy some freak of nature can exploit the vulnerability in other ways? |
| 6 |
> |
| 7 |
> Considering how old one's setup should be to be affected to this |
| 8 |
> issue, it is likely that such systems have another vulnerabilities, |
| 9 |
> allowing attacker to gain root privileges even if exim itself is |
| 10 |
> being run as a non-root user. |
| 11 |
> |
| 12 |
|
| 13 |
Well, it's only a few days old on most distros. It's about a year old on |
| 14 |
Gentoo. I think most of us run multiple boxes with some !gentoo. So most |
| 15 |
of us had at least one box that was potentially vulnerable. Exim being the |
| 16 |
only service proven vulnerable so far, it's possible you're otherwise fine. |
| 17 |
OTOH, how would you like to find out a service you use is vulnerable to an |
| 18 |
old bug? Especially one you had plenty of time to fix? |
| 19 |
|
| 20 |
Again Gentoo has been fine unless for a while you stuck with an old version |
| 21 |
for some reason. Most everything else... |
Archives