Vulnerability in Todd_miller Sudo

CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing…

EPSS: 0.000 (15.1th percentile) — read the EPSS interpretation.

Affected products

Todd_miller Sudo — versions 1.6, 1.6.1, 1.6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM)
49219 (x_refsource_SECUNIA, third-party-advisory)
49948 (x_refsource_SECUNIA, third-party-advisory)
49244 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2012:079 (vendor-advisory, x_refsource_MANDRIVA)
49291 (x_refsource_SECUNIA, third-party-advisory)
DSA-2478 (vendor-advisory, x_refsource_DEBIAN)
1027077 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_MISC)
FEDORA-2012-7998 (x_refsource_FEDORA, vendor-advisory)