NASLDB: FreeBSD : sudo -- netmask vulnerability (b3435b68-9ee8-11e1-997c-002354ed89bc)
General
ID: 59169
Name: FreeBSD : sudo — netmask vulnerability (b3435b68-9ee8-11e1-997c-002354ed89bc)
Summary: Checks for updated package in pkg_info output
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: FreeBSD Local Security Checks
Type: Local
Description
Todd Miller reports:
Sudo supports granting access to commands on a per-host basis. The
host specification may be in the form of a host name, a netgroup, an
IP address, or an IP network (an IP address with an associated
netmask).
When IPv6 support was added to sudo, a bug was introduced that caused
the IPv6 network matching code to be called when an IPv4 network
address does not match. Depending on the value of the uninitialized
portion of the IPv6 address, it is possible for the IPv4 network
number to match when it should not. This bug only affects IP network
matching and does not affect simple IP address matching.
The reported configuration that exhibited the bug was an LDAP-based
sudo installation where the sudoRole object contained multiple
sudoHost entries, each containing a different IPv4 network. File-based
sudoers should be affected as well as the same matching code is used.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-2337
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/16
Patch Release: 2012/05/16
Plugin Release: 2012/05/17
Plugin
Version: 1.2
Filename: freebsd_pkg_b3435b689ee811e1997c002354ed89bc.nasl
Filesize: 4902 bytes
MD5 Hash: 6f8f59da8796000cd52064ffcd278cfc
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.