Amazon Linux AMI : sudo Privilege Escalation (ALAS-2012-110)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in the way the network matching code in sudo handled
multiple IP networks listed in user specification configuration
directives. A user, who is authorized to run commands with sudo on
specific hosts, could use this flaw to bypass intended restrictions
and run those commands on hosts not matched by any of the network
specifications. (CVE-2012-2337)

See also :

http://www.nessus.org/u?726401b1

Solution :

Run 'yum update sudo' to update your system.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69600 ()

Bugtraq ID:

CVE ID: CVE-2012-2337