#VU32797 Permissions, Privileges, and Access Controls in Sudo - CVE-2012-2337
Vulnerability identifier: #VU32797
Vulnerability risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Sudo
Client/Desktop applications /
Software for system administration
Vendor: Sudo
Description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Sudo: 1.7.0 - 1.8.4p4
External links
https://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
https://secunia.com/advisories/49219
https://secunia.com/advisories/49244
https://secunia.com/advisories/49291
https://secunia.com/advisories/49948
https://www.debian.org/security/2012/dsa-2478
https://www.mandriva.com/security/advisories?name=MDVSA-2012:079
https://www.securitytracker.com/id?1027077
https://www.sudo.ws/sudo/alerts/netmask.html
https://bugzilla.redhat.com/show_bug.cgi?id=820677
https://www.suse.com/security/cve/CVE-2012-2337/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
