5.9 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
It was discovered that sudo incorrectly handled network masks when using Host
and Host_List. A local user who is listed in sudoers may be allowed to run
commands on unintended hosts when IPv4 network masks are used to grant access.
A local attacker could exploit this to bypass intended access restrictions. Host
and Host_List are not used in the default installation of Ubuntu.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | sudo-ldap | < 1.6.9p10-1ubuntu3.9 | UNKNOWN |
Ubuntu | 8.04 | noarch | sudo | < 1.6.9p10-1ubuntu3.9 | UNKNOWN |
Ubuntu | 12.04 | noarch | sudo-ldap | < 1.8.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | sudo | < 1.8.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 11.10 | noarch | sudo-ldap | < 1.7.4p6-1ubuntu2.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | sudo | < 1.7.4p6-1ubuntu2.1 | UNKNOWN |
Ubuntu | 11.04 | noarch | sudo-ldap | < 1.7.4p4-5ubuntu7.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | sudo | < 1.7.4p4-5ubuntu7.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo-ldap | < 1.7.2p1-1ubuntu5.4 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo | < 1.7.2p1-1ubuntu5.4 | UNKNOWN |