Mandriva Linux Security Advisory : sudo (MDVSA-2012:079)

NASLDB: Mandriva Linux Security Advisory : sudo (MDVSA-2012:079)

General

ID: 59221
Name: Mandriva Linux Security Advisory : sudo (MDVSA-2012:079)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability has been found and corrected in sudo :

A flaw exists in the IP network matching code in sudo versions 1.6.9p3
through 1.8.4p4 that may result in the local host being matched even
though it is not actually part of the network described by the IP
address and associated netmask listed in the sudoers file or in LDAP.
As a result, users authorized to run commands on certain IP networks
may be able to run commands on hosts that belong to other networks not
explicitly listed in sudoers (CVE-2012-2337

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-2337
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/05/21
Plugin Release: 2012/05/22

Plugin

Version: 1.2
Filename: mandriva_MDVSA-2012-079.nasl
Filesize: 3383 bytes
MD5 Hash: 0ae91c501db7eb2c6a19ee999eba6a56

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG