Sudo vulnerability

ID USN-1442-1
Type ubuntu
Reporter Ubuntu
Modified 2012-05-16T00:00:00


It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.