Executive Summary

Summary
Title sudo: Privilege escalation
Informations
Name GLSA-201207-01 First vendor Publication 2012-07-09
Vendor Gentoo Last vendor Modification 2012-07-09
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A vulnerability has been found in sudo which may allow local users to gain escalated privileges.

Background

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts.

Description

An error in sudo may allow unintended IPv4 hosts to be granted access to commands.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5_p1"

References

[ 1 ] CVE-2012-2337 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2337

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201207-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201207-01.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17936
 
Oval ID: oval:org.mitre.oval:def:17936
Title: USN-1442-1 -- sudo vulnerability
Description: Sudo could allow users to run arbitrary programs as the administrator.
Family: unix Class: patch
Reference(s): USN-1442-1
CVE-2012-2337
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20104
 
Oval ID: oval:org.mitre.oval:def:20104
Title: DSA-2478-1 sudo - parsing error
Description: It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.
Family: unix Class: patch
Reference(s): DSA-2478-1
CVE-2012-2337
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20702
 
Oval ID: oval:org.mitre.oval:def:20702
Title: VMware ESX third party update for Service Console package sudo
Description: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Family: unix Class: vulnerability
Reference(s): CVE-2012-2337
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21239
 
Oval ID: oval:org.mitre.oval:def:21239
Title: RHSA-2012:1081: sudo security update (Moderate)
Description: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Family: unix Class: patch
Reference(s): RHSA-2012:1081-01
CESA-2012:1081
CVE-2012-2337
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23171
 
Oval ID: oval:org.mitre.oval:def:23171
Title: DEPRECATED: ELSA-2012:1081: sudo security update (Moderate)
Description: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Family: unix Class: patch
Reference(s): ELSA-2012:1081-01
CVE-2012-2337
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23860
 
Oval ID: oval:org.mitre.oval:def:23860
Title: ELSA-2012:1081: sudo security update (Moderate)
Description: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Family: unix Class: patch
Reference(s): ELSA-2012:1081-01
CVE-2012-2337
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27394
 
Oval ID: oval:org.mitre.oval:def:27394
Title: DEPRECATED: ELSA-2012-1081 -- sudo security update (moderate)
Description: [1.7.4p5-12] - added patch for CVE-2012-2337 Resolves: rhbz#829756
Family: unix Class: patch
Reference(s): ELSA-2012-1081
CVE-2012-2337
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): sudo
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 19

OpenVAS Exploits

Date Description
2012-08-30 Name : Fedora Update for sudo FEDORA-2012-7998
File : nvt/gb_fedora_2012_7998_sudo_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-01 (sudo)
File : nvt/glsa_201207_01.nasl
2012-08-03 Name : Mandriva Update for sudo MDVSA-2012:079 (sudo)
File : nvt/gb_mandriva_MDVSA_2012_079.nasl
2012-07-30 Name : CentOS Update for sudo CESA-2012:1081 centos5
File : nvt/gb_CESA-2012_1081_sudo_centos5.nasl
2012-07-30 Name : CentOS Update for sudo CESA-2012:1081 centos6
File : nvt/gb_CESA-2012_1081_sudo_centos6.nasl
2012-07-19 Name : RedHat Update for sudo RHSA-2012:1081-01
File : nvt/gb_RHSA-2012_1081-01_sudo.nasl
2012-05-31 Name : Debian Security Advisory DSA 2478-1 (sudo)
File : nvt/deb_2478_1.nasl
2012-05-31 Name : FreeBSD Ports: sudo
File : nvt/freebsd_sudo11.nasl
2012-05-17 Name : Ubuntu Update for sudo USN-1442-1
File : nvt/gb_ubuntu_USN_1442_1.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-06-06 IAVM : 2013-B-0064 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category II - VMSKEY : V0038876

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0007_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_sudo_20120717.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1185.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-293.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-110.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2012-1081.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2013-0007.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-054.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_sudo-120517.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120716_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1081.nasl - Type : ACT_GATHER_INFO
2012-07-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2012-1081.nasl - Type : ACT_GATHER_INFO
2012-07-13 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8021.nasl - Type : ACT_GATHER_INFO
2012-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-01.nasl - Type : ACT_GATHER_INFO
2012-05-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-7998.nasl - Type : ACT_GATHER_INFO
2012-05-29 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sudo-8134.nasl - Type : ACT_GATHER_INFO
2012-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2478.nasl - Type : ACT_GATHER_INFO
2012-05-22 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2012-079.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1442-1.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b3435b689ee811e1997c002354ed89bc.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:28
  • Multiple Updates