From owner-freebsd-security Mon Apr 29 9:40:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from vaemail.bankofamerica.com (vaemail.bankofamerica.com [171.159.192.14]) by hub.freebsd.org (Postfix) with ESMTP id AF11237B417 for ; Mon, 29 Apr 2002 09:40:27 -0700 (PDT) Received: from vaimail.bankofamerica.com (vaimail.bankofamerica.com [171.182.200.13]) by vaemail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id g3TGePA19025 for ; Mon, 29 Apr 2002 12:40:25 -0400 (EDT) Received: from smtpsw04 (smtpsw04.bankofamerica.com [171.172.129.20]) by vaimail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id g3TGeOH15124 for ; Mon, 29 Apr 2002 12:40:25 -0400 (EDT) Date: Mon, 29 Apr 2002 11:32:50 -0500 From: Rick.Robinson@bankofamerica.com Subject: Sudo Vulnerability To: security@FreeBSD.org Message-id: <86256BAA.005AE587.00@notes.bankofamerica.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline Content-transfer-encoding: 7BIT X-Lotus-FromDomain: BANKOFAMERICA Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Last week an advisory was put out for Sudo specifying a potential local root compromise in Sudo versions 1.5.7 - 1.6.5p2. I saw that the Sudo 1.6.6 packages are available for FreeBSD, but does the lack of a SA or SN from FreeBSD mean that previous versions are not vulnerable? Thanks for the help. Rick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message