Amazon Linux AMI : sudo (ALAS-2012-110)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in the way the network matching code in sudo handled
multiple IP networks listed in user specification configuration
directives. A user, who is authorized to run commands with sudo on
specific hosts, could use this flaw to bypass intended restrictions
and run those commands on hosts not matched by any of the network
specifications. (CVE-2012-2337)

See also :

Solution :

Run 'yum update sudo' to update your system.

Risk factor :

High / CVSS Base Score : 7.2

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69600 ()

Bugtraq ID:

CVE ID: CVE-2012-2337

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now