Lucene search

K
nvd[email protected]NVD:CVE-2012-2337
HistoryMay 18, 2012 - 6:55 p.m.

CVE-2012-2337

2012-05-1818:55:01
CWE-264
web.nvd.nist.gov
8
vulnerability
sudo
command restrictions
local users
ipv4 address

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

Affected configurations

Nvd
Node
todd_millersudoMatch1.6
OR
todd_millersudoMatch1.6.1
OR
todd_millersudoMatch1.6.2
OR
todd_millersudoMatch1.6.2p3
OR
todd_millersudoMatch1.6.3
OR
todd_millersudoMatch1.6.3_p7
OR
todd_millersudoMatch1.6.4
OR
todd_millersudoMatch1.6.4p2
OR
todd_millersudoMatch1.6.5
OR
todd_millersudoMatch1.6.6
OR
todd_millersudoMatch1.6.7
OR
todd_millersudoMatch1.6.7p5
OR
todd_millersudoMatch1.6.8
OR
todd_millersudoMatch1.6.8p12
OR
todd_millersudoMatch1.6.9
OR
todd_millersudoMatch1.6.9p20
OR
todd_millersudoMatch1.6.9p21
OR
todd_millersudoMatch1.6.9p22
OR
todd_millersudoMatch1.6.9p23
VendorProductVersionCPE
todd_millersudo1.6cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
todd_millersudo1.6.1cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
todd_millersudo1.6.2cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
todd_millersudo1.6.2p3cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*
todd_millersudo1.6.3cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
todd_millersudo1.6.3_p7cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
todd_millersudo1.6.4cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
todd_millersudo1.6.4p2cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
todd_millersudo1.6.5cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
todd_millersudo1.6.6cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%