CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

Published: May 18, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2337
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.6.6	1.6.6.x
todd_miller / sudo	1.6.3	1.6.3.x
todd_miller / sudo	1.6.1	1.6.1.x
todd_miller / sudo	1.6.9p20	1.6.9p20.x
todd_miller / sudo	1.6.2	1.6.2.x
todd_miller / sudo	1.6.9p22	1.6.9p22.x
todd_miller / sudo	1.6.8	1.6.8.x
todd_miller / sudo	1.6.5	1.6.5.x
todd_miller / sudo	1.6.9	1.6.9.x
todd_miller / sudo	1.6.3_p7	1.6.3_p7.x
todd_miller / sudo	1.6.7p5	1.6.7p5.x
todd_miller / sudo	1.6.9p23	1.6.9p23.x
todd_miller / sudo	1.6	1.6.x
todd_miller / sudo	1.6.4	1.6.4.x
todd_miller / sudo	1.6.9p21	1.6.9p21.x
todd_miller / sudo	1.6.7	1.6.7.x
todd_miller / sudo	1.6.8p12	1.6.8p12.x
todd_miller / sudo	1.6.4p2	1.6.4p2.x
todd_miller / sudo	1.6.2p3	1.6.2p3.x

Vulnerability Database

289,697

CVE-2012-2337