MDVSA-2012:079
- Package name
- sudo
- Date
- 2012-05-21
- Advisory ID
- MDVSA-2012:079
- Affected versions
- MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in sudo:
A flaw exists in the IP network matching code in sudo versions 1.6.9p3
through 1.8.4p4 that may result in the local host being matched
even though it is not actually part of the network described by the
IP address and associated netmask listed in the sudoers file or in
LDAP. As a result, users authorized to run commands on certain IP
networks may be able to run commands on hosts that belong to other
networks not explicitly listed in sudoers (CVE-2012-2337
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
b713c66d70635d93ccf68864c8849fe8 mes5/i586/sudo-1.7.4p6-0.2mdvmes5.2.i586.rpm 1de7c7de8f1764ecad9d727bae373fa7 mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm
2010.1 i586
10f9635c97df775aa2e84eea10cc2520 2010.1/i586/sudo-1.7.4p6-0.2mdv2010.2.i586.rpm 172ec1e9eb59daf6c619083544395615 2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm
2011 x86_64
c1a370556138f31669c713c7544ee042 2011/x86_64/sudo-1.7.6p2-1.1-mdv2011.0.x86_64.rpm 54e9566af0fc7a350b91a14351e83a9c 2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm
2011 i586
4eaa11586daaf481506b9383462e11b1 2011/i586/sudo-1.7.6p2-1.1-mdv2011.0.i586.rpm 54e9566af0fc7a350b91a14351e83a9c 2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm
MES5 x86_64
6cabbb3df9d3ab16adb1f29b42ec24c5 mes5/x86_64/sudo-1.7.4p6-0.2mdvmes5.2.x86_64.rpm 1de7c7de8f1764ecad9d727bae373fa7 mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm
2010.1 x86_64
7c223e5185387d690b1fd5c9aedbb072 2010.1/x86_64/sudo-1.7.4p6-0.2mdv2010.2.x86_64.rpm 172ec1e9eb59daf6c619083544395615 2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm