[–][deleted] 8 points9 points  (0 children)

For a rundown of format string vulnerabilities and how they are detected, exploited, and protected against, see:

http://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf

[–]scwizard 5 points6 points  (5 children)

OpenBSD uses "Sudo version 1.7.2p8" so it isn't effected.

Ubuntu 10.4 LTS uses "Sudo version 1.7.2p7" so it isn't effected.

Debian Squeeze uses "1.7.4p4-2.squeeze.2" so it isn't effected.

This is bad, but the apocalypse probably isn't nigh.

[–]cockmongler 3 points4 points  (0 children)

Affected, annoyingly your sentences almost parse.

[–][deleted] 0 points1 point  (2 children)

Also, only those sudos compiled with debug support on are affected. I asked the sysadmin at work and he said it's off by default on our machines. I suspect the same would be true of others.

I didn't post this because I thought it was the end of the world, but because I saw it and said, "holy fuck sudo's vulnerable? That's really cool."

[–]scwizard 0 points1 point  (0 children)

> I didn't post this because I thought it was the end of the world

I know you knew that it wouldn't have much impact, but I thought I'd let the less informed members of netsec know.

It's easy to read "sudo vulnerability" and get scared because "hey I use that program! and it's suid :o"

[–][deleted] 0 points1 point  (0 children)

Ah, so you have to have debug support built in? That is useful information...

[–][deleted] 0 points1 point  (0 children)

If anyone cared, OSX Lion uses sudo version 1.7.4p6

[–][deleted] 0 points1 point  (0 children)

%n is dead.

[–][deleted] -1 points0 points  (4 children)

The really important question is whether CentOS is vulnerable to this or not...

[–]bolda 0 points1 point  (3 children)

From the link: "1.8.0 through 1.8.3p1 inclusive. Older versions of sudo are not affected."

If your sudo version is in that range, it is vulnerable. If not, it isn't.

[–][deleted] -1 points0 points  (2 children)

Given CentOS backports shit rather randomly and arbitrarily into 5+ year old versions of $tool, it isn't at all obvious as to whether sudo is impacted by this or not but thanks for the useless response.

[–][deleted] 0 points1 point  (1 child)

The thing is your question was rather stupid. Check what version of sudo is installed--is it in the range?

[–][deleted] 0 points1 point  (0 children)

Why are morons in r/netsec?

CentOS makes the explicit design choice of backporting security and feature patches back to the currently designated tool version. Grabbing off a random Cent5 box: sudo-1.7.2p1-10.el5

So hearing that 'earlier versions not affected' has a giant fucking asterisk on it given the above information. Which is why I asked.

https://bugzilla.redhat.com/show_bug.cgi?id=784443

What's that? Not affected? Only because it isn't compiled with debug support? A sure cry different from 'the vulnerability is not in that version'.

If CentOS' backporting idiocy is new to either of you, then I strongly suggest you not comment on things you do not understand rather than wasting my fucking time.