[olug] Update Sudo
Matthew G. Marsh
olug4mgm at paktronix.com
Thu Jan 28 09:41:35 CST 2021
PakSecured 5.4.2 both X64 and MultiLib passed. PS 2.6.24.2
vulnerable - will patch now. Interesting the library
dependencies that seem to be implicated.
Thanks for the tip to check. I don't follow things as closely as I once
did...
mgm
On Thu, 28 Jan 2021, Reiners Cloud Consulting LLC wrote:
> CentOS Linux release 7.9.2009 (Core) (passed)
> Ubuntu 20.04 LTS (seems vuln)
>
>
> On Wed, Jan 27, 2021 at 8:16 PM Jeff Hinrichs - DM&T <jeffh at dundeemt.com>
> wrote:
>
>> ubuntu 18.04.5 -passed
>> raspbian 9.13 - vuln
>> freebsd11.4-RELEASE - passed
>>
>>
>> On Wed, Jan 27, 2021 at 2:54 PM Anthony Kava <karver at forensic.coffee>
>> wrote:
>>
>>> If you want to do a quick test (might have some false negatives) try
>> this:
>>>
>>> sudoedit -s '\' `perl -e 'print "A" x 65536'`
>>>
>>> Should segfault if vulnerable, return Usage message if not. Again, not
>>> sure if 100% but worked in anecdotal testing with Ubuntu 16.04, 20.4,
>>> Raspbian, and CentOS 6 and 7.
>>>
>>> On Wed, Jan 27, 2021 at 2:24 PM Jon Larsen <jon at jonlarsen.us> wrote:
>>>
>>>> 10-year-old Sudo Bug Lets Linux Users Gain Root-Level Access
> Justin Reiners
> Reiners Cloud Consulting LLC
> I'm happy to be your local Omaha distributor for 3CX and SimpleHelp!
> Contact me for info.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://www.olug.org/mailman/listinfo/olug
--------------------------------------------------
Matthew G. Marsh
Special Email Addr for OLUG ;-}
Phone: (402) 932-7250
Email: olug4mgm at paktronix.com
WWW: http://www.paksecured.org
--------------------------------------------------
More information about the OLUG
mailing list