Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that sudo incorrectly handled network masks when
using Host and Host_List. A local user who is listed in sudoers may be
allowed to run commands on unintended hosts when IPv4 network masks
are used to grant access. A local attacker could exploit this to
bypass intended access restrictions. Host and Host_List are not used
in the default installation of Ubuntu.
Update the affected sudo and / or sudo-ldap packages.
Risk factor :
High / CVSS Base Score : 7.2
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 59170 ()
CVE ID: CVE-2012-2337