Oracle Solaris Third-Party Patch Update : sudo (cve_2012_2337_restriction_bypass)
High Nessus Plugin ID 80778
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. (CVE-2012-2337)
SolutionUpgrade to Solaris 11/11 SRU 9.5.