Yesterday, January 26, a vulnerability was announced affecting UNIX and Linux operating systems running Sudo versions prior to 1.9.5p2. This vulnerability affects user privilege management services.
Initial reports indicate this vulnerability is difficult to exploit remotely, and there is no evidence this vulnerability has been used to attack any systems managed by CU*Answers. As with any large-scale vulnerability, CU*Answers is invoking its Incident Response Protocol to manage remediation of the issue.
CU*Answers Own Systems: Due to compensating controls, CU*Answers views this event as low risk to our environment. We are inventorying our services and have begun applying updates as necessary. At this time, we do not expect any credit union or member services will need to be taken offline in order to apply the required patches.
CU*Answers Managed Clients: If you are a client whose servers are managed by CU*Answers, we will contact you individually if you have any systems we are aware require patching to set up a schedule.
GUAPPLES: Due to their configurations, GUAPPLEs are not at risk from this vulnerability, however they will be receiving this update as part of our normal management and maintenance processes.
All Clients: We recommend your IT teams inventory your UNIX and Linux systems to determine whether these systems could be compromised by the vulnerability, and to patch these systems in accordance with your credit union’s patching policies.