CVE-2012-2337

CWE-2649 documents8 sources

Severity

7.2HIGH

EPSS

0.0%

top 85.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Todd Miller Sudo

Timeline

PublishedMay 18

Latest updateMay 14

Description

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debiansudo< 1.8.3p2-1.1+3

▶NVDtodd_miller/sudo19 versions+18

🔴Vulnerability Details

GHSA

GHSA-69qw-r4p8-f6hq: sudo 1↗2022-05-14

▶

OSV

CVE-2012-2337: sudo 1↗2012-05-18

▶

CVEList

CVE-2012-2337: sudo 1↗2012-05-18

▶

📋Vendor Advisories

Red Hat

sudo: Multiple netmask values used in Host / Host_List configuration cause any host to be allowed access↗2012-05-16

▶

Ubuntu

Sudo vulnerability↗2012-05-16

▶

Debian

CVE-2012-2337: sudo - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly...↗2012

▶

💬Community

Bugzilla

CVE-2012-2337 sudo: Multiple netmask values used in Host / Host_List configuration cause any host to be allowed access [fedora-all]↗2012-05-16

▶

Bugzilla

CVE-2012-2337 sudo: Multiple netmask values used in Host / Host_List configuration cause any host to be allowed access↗2012-05-10

▶