Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability

Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability

Release date:
Updated on:

Affected Systems:
Todd Miller Sudo 1.x
Ubuntu Linux
Unaffected system:
Todd Miller Sudo 1.8.4p5
Todd Miller Sudo 1.7.9p1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53569
Cve id: CVE-2012-2337

Sudo is a tool that allows system administrators to allow common users to execute some or all of the root commands, reducing the login and management time of root users and improving security.

When Sudo versions 1.6.9p3 to 1.8.4p4 process hosts Based on the IPv4 network mask, an error occurs in the network matching mechanism, which can be exploited to execute illegal host commands. Successful exploitation of commands that require the user to exist in the sudoers file and have the permission to access IPv4 network hosts.

<* Source: Ubuntu

Link: http://secunia.com/advisories/49219/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Todd Miller
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.sudo.ws/sudo/dist/