SecurityTracker.com
Category:   Application (Generic)  >   Sudo
Vendors:   sudo.ws
Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls
SecurityTracker Alert ID:  1027077
SecurityTracker URL:  http://securitytracker.com/id/1027077
CVE Reference:   CVE-2012-2337
Updated:  Jul 16 2012
Original Entry Date:  May 18 2012
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.6.9p3 through 1.8.4p4
Description:   A vulnerability was reported in Sudo. A remote authenticated user can bypass host access controls.

A remote authenticated user listed in the sudoers file (or sudoers LDAP data) and granted access to commands on hosts on one or more IPv4 networks (using IP network matching) may be able to execute a command from an unauthorized host.

Impact:   A remote authenticated user can bypass host access controls.
Solution:   The vendor has issued a fix (1.7.9p1, 1.8.4p5).

The vendor's advisory is available at:

http://www.sudo.ws/sudo/alerts/netmask.html

Vendor URL:  www.sudo.ws/sudo/alerts/netmask.html
Cause:   Access control error
Underlying OS:   Linux (Any)
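
A host-side check for the exposure described above, added here as an example (not code from SecurityTracker or the sudo project): it tests a sudo version string against the affected range and flags sudoers lines that use IPv4 network matching. The function names and the sample sudoers text are constructed, and treating the 1.7 branch as fixed from 1.7.9p1 onward is an assumption based on the two fix versions listed.

```python
import re

# Version bounds as listed in the advisory above.
FIRST_AFFECTED = (1, 6, 9, 3)   # 1.6.9p3
FIXED_17 = (1, 7, 9, 1)         # 1.7.9p1
FIXED_18 = (1, 8, 4, 5)         # 1.8.4p5

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")
# IPv4 address followed by /bits or /dotted-netmask, the sudoers network form.
_NET = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/(?:(?:\d{1,3}\.){3}\d{1,3}|\d{1,2})\b")

def parse_version(text):
    """Turn 'Sudo version 1.8.4p4' into (1, 8, 4, 4); a missing pN counts as 0."""
    m = _VER.search(text)
    if m is None:
        raise ValueError("no sudo version found in %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return False
    # Assumption: 1.7.x builds are fixed from 1.7.9p1 on, everything else from 1.8.4p5.
    return v < (FIXED_17 if v[:2] == (1, 7) else FIXED_18)

def ipv4_network_rules(sudoers_text):
    """Return [(line_no, [networks])] for non-comment lines naming an IPv4 network."""
    hits = []
    for no, line in enumerate(sudoers_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        nets = _NET.findall(line)
        if nets:
            hits.append((no, nets))
    return hits

def exposure(version_text, sudoers_text):
    """Lines worth reviewing: only reported when the installed version is affected."""
    return ipv4_network_rules(sudoers_text) if is_affected(version_text) else []

# Constructed sample sudoers content (not from any real host).
SAMPLE_SUDOERS = """\
# 10.9.0.0/16 was retired
Host_Alias LAB = 10.1.0.0/16, 192.168.5.0/255.255.255.0
alice LAB = /usr/bin/systemctl restart httpd
bob   web01 = ALL
carol 172.16.4.0/24 = /sbin/reboot
"""

if __name__ == "__main__":
    for no, nets in exposure("Sudo version 1.8.4p4", SAMPLE_SUDOERS):
        print("line %d uses IPv4 network matching: %s" % (no, ", ".join(nets)))
```

The network match is a text heuristic over sudoers lines, so review each reported line by hand; rules that name hosts only by hostname or single address are not reported.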

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 16 2012 (Red Hat Issues Fix) Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
May 31 2013 (VMware Issues Fix for ESX) Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls   (VMware Security Announcements <security-announce@lists.vmware.com>)
VMware has issued a fix for VMware ESX 4.0.



 Source Message Contents

Date:  Fri, 18 May 2012 19:31:05 +0000
Subject:  sudo


http://www.sudo.ws/sudo/alerts/netmask.html

CVE 2012-2337
 
 



Copyright 2013, SecurityGlobal.net LLC