CVE-2012-2337

high

Description

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html

http://secunia.com/advisories/49219

http://secunia.com/advisories/49244

http://secunia.com/advisories/49291

http://secunia.com/advisories/49948

http://www.debian.org/security/2012/dsa-2478

http://www.mandriva.com/security/advisories?name=MDVSA-2012:079

http://www.securitytracker.com/id?1027077

http://www.sudo.ws/sudo/alerts/netmask.html

https://bugzilla.redhat.com/show_bug.cgi?id=820677

https://www.suse.com/security/cve/CVE-2012-2337/

Details

Source: MITRE

Published: 2012-05-18

Updated: 2018-01-05

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 154615 | NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Multiple Vulnerabilities (NS-SA-2021-0101) | Nessus | NewStart CGSL Local Security Checks | high |
| 154540 | NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120) | Nessus | NewStart CGSL Local Security Checks | high |
| 89665 | VMware ESX sudo Package Multiple Vulnerabilities (VMSA-2013-0007) (remote check) | Nessus | Misc. | high |
| 80778 | Oracle Solaris Third-Party Patch Update : sudo (cve_2012_2337_restriction_bypass) | Nessus | Solaris Local Security Checks | high |
| 74632 | openSUSE Security Update : sudo (openSUSE-SU-2012:0652-1) | Nessus | SuSE Local Security Checks | high |
| 69600 | Amazon Linux AMI : sudo (ALAS-2012-110) | Nessus | Amazon Linux Local Security Checks | high |
| 68577 | Oracle Linux 5 / 6 : sudo (ELSA-2012-1081) | Nessus | Oracle Linux Local Security Checks | high |
| 66723 | VMSA-2013-0007 : VMware ESX third-party update for Service Console package sudo | Nessus | VMware ESX Local Security Checks | high |
| 66068 | Mandriva Linux Security Advisory : sudo (MDVSA-2013:054) | Nessus | Mandriva Local Security Checks | high |
| 64227 | SuSE 11.1 Security Update : sudo, sudo-debuginfo, sudo-debugsource (SAT Patch Number 6306) | Nessus | SuSE Local Security Checks | high |
| 61363 | Scientific Linux Security Update : sudo on SL5.x, SL6.x i386/x86_64 (20120716) | Nessus | Scientific Linux Local Security Checks | high |
| 59982 | RHEL 5 / 6 : sudo (RHSA-2012:1081) | Nessus | Red Hat Local Security Checks | high |
| 59981 | CentOS 5 / 6 : sudo (CESA-2012:1081) | Nessus | CentOS Local Security Checks | high |
| 59962 | Fedora 16 : sudo-1.8.3p1-3.fc16 (2012-8021) | Nessus | Fedora Local Security Checks | high |
| 59893 | GLSA-201207-01 : sudo: Privilege escalation | Nessus | Gentoo Local Security Checks | high |
| 59296 | Fedora 17 : sudo-1.8.3p1-7.fc17 (2012-7998) | Nessus | Fedora Local Security Checks | high |
| 59288 | SuSE 10 Security Update : sudo, sudo-debuginfo (ZYPP Patch Number 8134) | Nessus | SuSE Local Security Checks | high |
| 59250 | Debian DSA-2478-1 : sudo - parsing error | Nessus | Debian Local Security Checks | high |
| 59221 | Mandriva Linux Security Advisory : sudo (MDVSA-2012:079) | Nessus | Mandriva Local Security Checks | high |
| 59170 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : sudo vulnerability (USN-1442-1) | Nessus | Ubuntu Local Security Checks | high |
| 59169 | FreeBSD : sudo -- netmask vulnerability (b3435b68-9ee8-11e1-997c-002354ed89bc) | Nessus | FreeBSD Local Security Checks | high |