fkie_nvd - fkie_cve-2012-2337

fkie_cve-2012-2337

Vulnerability from fkie_nvd

Published

2012-05-18 18:55

Modified

2025-04-11 00:51

Severity ?

Summary

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
secalert@redhat.com	http://secunia.com/advisories/49219
secalert@redhat.com	http://secunia.com/advisories/49244
secalert@redhat.com	http://secunia.com/advisories/49291
secalert@redhat.com	http://secunia.com/advisories/49948
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2478
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:079
secalert@redhat.com	http://www.securitytracker.com/id?1027077
secalert@redhat.com	http://www.sudo.ws/sudo/alerts/netmask.html	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=820677
secalert@redhat.com	https://www.suse.com/security/cve/CVE-2012-2337/
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49219
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49244
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49291
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49948
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2478
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:079
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027077
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/sudo/alerts/netmask.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=820677
af854a3a-2127-422b-91ae-364da2661108	https://www.suse.com/security/cve/CVE-2012-2337/

Impacted products

Vendor	Product	Version
todd_miller	sudo	1.6
todd_miller	sudo	1.6.1
todd_miller	sudo	1.6.2
todd_miller	sudo	1.6.2p3
todd_miller	sudo	1.6.3
todd_miller	sudo	1.6.3_p7
todd_miller	sudo	1.6.4
todd_miller	sudo	1.6.4p2
todd_miller	sudo	1.6.5
todd_miller	sudo	1.6.6
todd_miller	sudo	1.6.7
todd_miller	sudo	1.6.7p5
todd_miller	sudo	1.6.8
todd_miller	sudo	1.6.8p12
todd_miller	sudo	1.6.9
todd_miller	sudo	1.6.9p20
todd_miller	sudo	1.6.9p21
todd_miller	sudo	1.6.9p22
todd_miller	sudo	1.6.9p23

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
              "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address."
    },
    {
      "lang": "es",
      "value": "sudo v1.6.x y v1.7.x antes de v1.7.9p1, y v1.8.x antes de v1.8.4p5, no admite correctamente las configuraciones que utilizan una sintaxis de la m\u00e1scara de red, lo que permite a usuarios locales eludir restricciones de comandos en circunstancias oportunistas mediante la ejecuci\u00f3n de un comando en un host que tiene una direcci\u00f3n IPv4."
    }
  ],
  "id": "CVE-2012-2337",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-18T18:55:01.813",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49244"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49291"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49948"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2478"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1027077"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/netmask.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.suse.com/security/cve/CVE-2012-2337/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/netmask.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.suse.com/security/cve/CVE-2012-2337/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2337 (GCVE-0-2012-2337)

Vulnerability from cvelistv5

Published

2012-05-18 18:00