PT-2012-1033 · Todd Miller+4 · Sudo+4

Jan Lieskovsky

Publicado

2012-05-18

Atualizado

2024-06-15

CVE-2012-2337

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions sudo versions 1.6.x through 1.7.x before 1.7.9p1 sudo versions 1.8.x before 1.8.4p5

Description The issue allows local users to bypass intended command restrictions by executing a command on a host that has an IPv4 address, due to improper support for configurations that use a netmask syntax. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For sudo versions 1.6.x through 1.7.x before 1.7.9p1, update to version 1.7.9p1 or later. For sudo versions 1.8.x before 1.8.4p5, update to version 1.8.4p5 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2017-1056

BDU:2015-01940

BDU:2015-06936

BDU:2015-06938

BDU:2015-08838

BDU:2015-08839

BDU:2015-09671

CESA-2012_1081

CVE-2012-2337

DSA-2478-1

OPENSUSE-SU-2024:10551-1

RHSA-2012:1081

RHSA-2012_1081

SUSE-SU-2012_0641-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Sudo

PT-2012-1033 · Todd Miller+4 · Sudo+4

CVE-2012-2337

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 81