Gentoo Foundation, GLSA-201207-01
Jul 09, 2012 - 12:00 a.m.

sudo: Privilege escalation

security.gentoo.org

CVSS2: 7.2

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0
Percentile: 5.1%

Background

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted for a range of hosts.

Description

An error in sudo may allow unintended IPv4 hosts to be granted access to commands.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5_p1"

OS      OS version  Architecture  Package         Package version  Filename
Gentoo  any         all           app-admin/sudo  < 1.8.5_p1       UNKNOWN
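
To confirm whether a host still needs the upgrade, the following added example (not part of the advisory) compares a sudo version string against the fixed version 1.8.5_p1. The function names `parse_version` and `version_lt` are hypothetical, the sample versions are constructed, and only dotted numeric versions with an optional patch level are assumed.

```shell
#!/bin/sh
# Added example: is a given sudo version older than the advisory's fixed version?
FIXED="1.8.5_p1"   # from the advisory's Resolution section

# Print "major minor micro patch" for 1.8.5_p1-r2 (Gentoo) or 1.8.5p1 (sudo -V).
# Assumption: at most three dotted numbers plus an optional pN patch level;
# _alpha/_beta/_rc suffixes are not handled and end up reported as unparsable.
parse_version() {
    v=${1%-r[0-9]*}                      # drop a Gentoo -rN revision
    v=$(printf '%s' "$v" | tr -d '_')    # 1.8.5_p1 -> 1.8.5p1
    case $v in
        *p*) patch=${v##*p}; base=${v%%p*} ;;
        *)   patch=0;        base=$v ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                         # split the dotted part into $1 $2 $3
    IFS=$old_ifs
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "${patch:-0}"
}

# Return 0 if $1 is older than $2, 1 if it is not, 2 if either is unparsable.
version_lt() {
    [ -n "$1" ] || return 2
    a=$(parse_version "$1"); b=$(parse_version "$2")
    case "$a$b" in *[!0-9\ ]*) return 2 ;; esac
    set -- $a $b          # $1..$4 = candidate fields, $5..$8 = reference fields
    for _ in 1 2 3 4; do
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift             # keeps the two versions four positions apart
    done
    return 1              # equal versions are not older
}

# With no arguments, run over constructed sample versions.
[ "$#" -gt 0 ] || set -- 1.7.9_p1 1.8.5 1.8.5_p1 1.8.5_p1-r2 1.8.10 1.8.5_rc1
for ver in "$@"; do
    rc=0; version_lt "$ver" "$FIXED" || rc=$?
    case $rc in
        0) echo "$ver: older than $FIXED, upgrade required" ;;
        1) echo "$ver: at or above $FIXED" ;;
        *) echo "$ver: version format not recognised, check manually" ;;
    esac
done
```

The installed version can be passed as the first argument, for example the string printed after "Sudo version" on the first line of `sudo -V`.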
