On Mon, Oct 28, 2013 at 03:56:32PM +0200, Lars Noodén wrote: > On 10/28/2013 03:47 PM, Reco wrote: > > On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote: > [snip] > >> You also have to add to the picture such a vulnerability, and I haven't > >> noticed any. > > > > If we're speaking of public vulnerabilities: > > > > CVE-2010-0427. > > CVE-2013-1775 (allows bypass sudoders modification to retain root > > privileges). > > CVE-2010-0427 may be the better example of the two, though it relies on > a special configuration. > > CVE-2013-1775 is a rather contrived case and needs physical access. The > general perception is that the game is over anyway when there is > physical access.
Still, they are (hopefully fully fixed) vulnerabilities, and they allow escalation to root, aren't they? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028143416.GD23316@x101h
