On Thu, 25 Sep 2014, Jan Wagner wrote: > is there still work on CVE-2014-7169, as the fix for CVE-2014-6271 > seems incomplete?
Work on that is ongoing, AFAIK. AFAIK, exploits for CVE-2014-7169 are already public (one certainly worked here, with the CVE-2014-6271 patch applied), and there are reports of ongoing scans (and possibly attacks) for CVE-2014-6271 since at least 12 hours ago. I didn't see anything about ongoing scans for CVE-2014-7169 yet. Some of those scans are benign (origin are well known white-hats), some are not. I suggest everyone to do a spring cleanup in the login shells for system accounts, and to deploy mitigation. BTW: sudo is a viable local attack vector for this vulnerability. https://news.ycombinator.com/item?id=8365158 -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140925135438.gd10...@khazad-dum.debian.net
