CVE-2012-2337

Published May 18, 2012

Last updated 7 years ago

CVSS info 7.2

Overview

Description: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References