CVE-2012-2337

Severity

72%

Complexity

39%

Confidentiality

165%

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2012-05-18 18:55:00

Last updated 7 years ago

2018-01-05 02:29:00

Affected Software

Todd Miller Sudo 1.6

1.6

Todd Miller Sudo 1.6.1

1.6.1

Todd Miller Sudo 1.6.2

1.6.2

Todd Miller Sudo 1.6.2p3

1.6.2p3

Todd Miller Sudo 1.6.3

1.6.3

Todd Miller Sudo 1.6.3 p7

1.6.3_p7

Todd Miller Sudo 1.6.4

1.6.4

Todd Miller Sudo 1.6.4p2

1.6.4p2

Todd Miller Sudo 1.6.5

1.6.5

Todd Miller Sudo 1.6.6

1.6.6

Todd Miller Sudo 1.6.7

1.6.7

Todd Miller Sudo 1.6.7p5

1.6.7p5

Todd Miller Sudo 1.6.8

1.6.8

Todd Miller Sudo 1.6.8p12

1.6.8p12

Todd Miller Sudo 1.6.9

1.6.9

Todd Miller Sudo 1.6.9p20

1.6.9p20

Todd Miller Sudo 1.6.9p21

1.6.9p21

Todd Miller Sudo 1.6.9p22

1.6.9p22

Todd Miller Sudo 1.6.9p23

1.6.9p23

References

FEDORA-2012-7998

49219

49244

49291

49948

DSA-2478

MDVSA-2012:079

1027077

http://www.sudo.ws/sudo/alerts/netmask.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=820677

https://www.suse.com/security/cve/CVE-2012-2337/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.