SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sudo Vendors:   sudo.ws
Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls
SecurityTracker Alert ID:  1027077
SecurityTracker URL:  http://securitytracker.com/id/1027077
CVE Reference:   CVE-2012-2337   (Links to External Site)
Updated:  Jul 16 2012
Original Entry Date:  May 18 2012
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.6.9p3 through 1.8.4p4
Description:   A vulnerability was reported in Sudo. A remote authenticated user can bypass host access controls.

A remote authenticated user listed in the sudoers file (or sudoers LDAP data) and granted access to commands on hosts on one or more IPv4 networks (using IP network matching) may be able to execute a command from an unauthorized host.

Impact:   A remote authenticated user can bypass host access controls.
Solution:   The vendor has issued a fix (1.7.9p1, 1.8.4p5).

The vendor's advisory is available at:

http://www.sudo.ws/sudo/alerts/netmask.html

Vendor URL:  www.sudo.ws/sudo/alerts/netmask.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 16 2012 (Red Hat Issues Fix) Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
May 31 2013 (VMware Issues Fix for ESX) Sudo Netmask Error Lets Remote Authenticated Users Bypass Host Access Controls
VMware has issued a fix for VMware ESX 4.0 and 4.1.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC