Test ID: | 1.3.6.1.4.1.25623.1.0.71676 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-1442-1 (sudo) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to sudo announced via advisory USN-1442-1.

Details: It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.

Solution: The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  sudo 1.7.4p6-1ubuntu2.1
  sudo-ldap 1.7.4p6-1ubuntu2.1

Ubuntu 11.04:
  sudo 1.7.4p4-5ubuntu7.2
  sudo-ldap 1.7.4p4-5ubuntu7.2

Ubuntu 10.04 LTS:
  sudo 1.7.2p1-1ubuntu5.4
  sudo-ldap 1.7.2p1-1ubuntu5.4

Ubuntu 8.04 LTS:
  sudo 1.6.9p10-1ubuntu3.9
  sudo-ldap 1.6.9p10-1ubuntu3.9

http://www.securityspace.com/smysecure/catid.html?in=USN-1442-1

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:NR/C:C/I:C/A:C |
Cross-Ref: | Common Vulnerability Exposure (CVE) ID: CVE-2012-2337
1027077 http://www.securitytracker.com/id?1027077
49219 http://secunia.com/advisories/49219
49244 http://secunia.com/advisories/49244
49291 http://secunia.com/advisories/49291
49948 http://secunia.com/advisories/49948
DSA-2478 http://www.debian.org/security/2012/dsa-2478
FEDORA-2012-7998 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
MDVSA-2012:079 http://www.mandriva.com/security/advisories?name=MDVSA-2012:079
http://www.sudo.ws/sudo/alerts/netmask.html
https://bugzilla.redhat.com/show_bug.cgi?id=820677
https://www.suse.com/security/cve/CVE-2012-2337/ |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |