Ubuntu CVE (Ubuntu.com), UB:CVE-2012-2337
History: May 16, 2012 - 12:00 a.m.

CVE-2012-2337

Tags: sudo configuration handling, local user bypass, command restrictions, ipv4 address

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0
Percentile: 5.1%

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not
properly support configurations that use a netmask syntax, which allows
local users to bypass intended command restrictions in opportunistic
circumstances by executing a command on a host that has an IPv4 address.

Notes

Author: tyhicks
Note: Not easy to reproduce and requires the user exploiting this flaw to already be specified in the sudoers file.
OS      Version  Architecture  Package  Version                  Filename
ubuntu  8.04     noarch        sudo     < 1.6.9p10-1ubuntu3.9    UNKNOWN
ubuntu  10.04    noarch        sudo     < 1.7.2p1-1ubuntu5.4     UNKNOWN
ubuntu  11.04    noarch        sudo     < 1.7.4p4-5ubuntu7.2     UNKNOWN
ubuntu  11.10    noarch        sudo     < 1.7.4p6-1ubuntu2.1     UNKNOWN
ubuntu  12.04    noarch        sudo     < 1.8.3p1-1ubuntu3.2     UNKNOWN
