1 |
On Jan 30, 2015 12:53 PM, "Andrew Savchenko" <bircoph@g.o> wrote: |
2 |
> |
3 |
> On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote: |
4 |
|
5 |
> > or buy some freak of nature can exploit the vulnerability in other ways? |
6 |
> |
7 |
> Considering how old one's setup should be to be affected to this |
8 |
> issue, it is likely that such systems have another vulnerabilities, |
9 |
> allowing attacker to gain root privileges even if exim itself is |
10 |
> being run as a non-root user. |
11 |
> |
12 |
|
13 |
Well, it's only a few days old on most distros. It's about a year old on |
14 |
Gentoo. I think most of us run multiple boxes with some !gentoo. So most |
15 |
of us had at least one box that was potentially vulnerable. Exim being the |
16 |
only service proven vulnerable so far, it's possible you're otherwise fine. |
17 |
OTOH, how would you like to find out a service you use is vulnerable to an |
18 |
old bug? Especially one you had plenty of time to fix? |
19 |
|
20 |
Again Gentoo has been fine unless for a while you stuck with an old version |
21 |
for some reason. Most everything else... |