CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not
properly support configurations that use a netmask syntax, which allows
local users to bypass intended command restrictions in opportunistic
circumstances by executing a command on a host that has an IPv4 address.
Author | Note |
---|---|
tyhicks | Not easy to reproduce and requires that the user exploiting this flaw to already be specified in the sudoers file |