PT-2012-1033 · Todd Miller+4 · Sudo+4

Jan Lieskovsky

Published

2012-05-18

Updated

2024-06-15

CVE-2012-2337

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions sudo versions 1.6.x through 1.7.x before 1.7.9p1 sudo versions 1.8.x before 1.8.4p5

Description The issue allows local users to bypass intended command restrictions by executing a command on a host that has an IPv4 address, due to improper support for configurations that use a netmask syntax. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For sudo versions 1.6.x through 1.7.x before 1.7.9p1, update to version 1.7.9p1 or later. For sudo versions 1.8.x before 1.8.4p5, update to version 1.8.4p5 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2017-1056

BDU:2015-01940

BDU:2015-06936

BDU:2015-06938

BDU:2015-08838

BDU:2015-08839

BDU:2015-09671

CESA-2012_1081

CVE-2012-2337

DSA-2478-1

OPENSUSE-SU-2024:10551-1

RHSA-2012:1081

RHSA-2012_1081

SUSE-SU-2012_0641-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Sudo

PT-2012-1033 · Todd Miller+4 · Sudo+4

CVE-2012-2337

Weakness Enumeration

Related Identifiers

Affected Products

References · 81