Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71432
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2012:1081
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2012:1081.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way the network matching code in sudo handled
multiple IP networks listed in user specification configuration directives.
A user, who is authorized to run commands with sudo on specific hosts,
could use this flaw to bypass intended restrictions and run those commands
on hosts not matched by any of the network specifications. (CVE-2012-2337)

All users of sudo are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1081.html
http://www.sudo.ws/sudo/alerts/netmask.html

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2337
Debian Security Information: DSA-2478 (Google Search)
http://www.debian.org/security/2012/dsa-2478
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:079
https://www.suse.com/security/cve/CVE-2012-2337/
http://www.securitytracker.com/id?1027077
http://secunia.com/advisories/49219
http://secunia.com/advisories/49244
http://secunia.com/advisories/49291
http://secunia.com/advisories/49948
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.