
CVE-2012-2337
Date: (C)2012-05-18   (M)2023-12-22


sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1027077
SECUNIA-49219
SECUNIA-49244
SECUNIA-49291
SECUNIA-49948
DSA-2478
FEDORA-2012-7998
MDVSA-2012:079
http://www.sudo.ws/sudo/alerts/netmask.html
https://bugzilla.redhat.com/show_bug.cgi?id=820677
https://www.suse.com/security/cve/CVE-2012-2337/

CPE    19
cpe:/a:todd_miller:sudo:1.6.8
cpe:/a:todd_miller:sudo:1.6
cpe:/a:todd_miller:sudo:1.6.7
cpe:/a:todd_miller:sudo:1.6.9
...
CWE    1
CWE-264
OVAL    12
oval:org.secpod.oval:def:1601290
oval:org.secpod.oval:def:700860
oval:org.secpod.oval:def:202394
oval:org.secpod.oval:def:600813
...

© SecPod Technologies