CVE-2012-2337

Published: 18/05/2012 | Updated: 05/01/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

sudo 1.6.x and 1.7.x prior to 1.7.9p1, and 1.8.x prior to 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

Vulnerable Product

todd miller sudo 1.6.2p3

todd miller sudo 1.6.3

todd miller sudo 1.6.8

todd miller sudo 1.6.8p12

todd miller sudo 1.6.5

todd miller sudo 1.6.6

todd miller sudo 1.6.9p21

todd miller sudo 1.6.9p22

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.4

todd miller sudo 1.6.4p2

todd miller sudo 1.6.9

todd miller sudo 1.6.9p20

todd miller sudo 1.6.1

todd miller sudo 1.6.2

todd miller sudo 1.6.7

todd miller sudo 1.6.7p5

todd miller sudo 1.6.9p23

todd miller sudo 1.6

Vendor Advisories

Synopsis: Moderate: sudo security update. Type/Severity: Security Advisory: Moderate. Topic: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabilit ...
Sudo could allow users to run arbitrary programs as the administrator ...
Debian Bug report logs - #673766: CVE-2012-2337: IP addresses in sudoers with netmask may match additional hosts. Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo. Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde>. Date: Mon, 21 May 2012 10:09 ...
It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command. For the stable distribution (squeeze), this problem has been fixed in version 174p4-2squeeze3. For the unstable distribution (sid), this proble ...
A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications ...