On 10/28/2013 03:47 PM, Reco wrote: > On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote: [snip] >> You also have to add to the picture such a vulnerability, and I haven't >> noticed any. > > If we're speaking of public vulnerabilities: > > CVE-2010-0427. > CVE-2013-1775 (allows bypass sudoders modification to retain root > privileges).
CVE-2010-0427 may be the better example of the two, though it relies on a special configuration. CVE-2013-1775 is a rather contrived case and needs physical access. The general perception is that the game is over anyway when there is physical access. /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526e6d10.5070...@gmail.com
