Ubuntu Security Notice USN-1442-1

Ubuntu Security Notice USN-1442-1: Posted May 16, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.; tags | advisory, local; systems | linux, ubuntu; advisories | CVE-2012-2337; SHA-256 | 4324b59d64b342a521a0980f0e685008be9a14f33f0173e24e06a2608c59a814; Download | Favorite | View

Ubuntu Security Notice USN-1442-1

Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1442-1
May 16, 2012

sudo vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Sudo could allow users to run arbitrary programs as the administrator.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

It was discovered that sudo incorrectly handled network masks when using Host
and Host_List. A local user who is listed in sudoers may be allowed to run
commands on unintended hosts when IPv4 network masks are used to grant access.
A local attacker could exploit this to bypass intended access restrictions. Host
and Host_List are not used in the default installation of Ubuntu.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  sudo                            1.8.3p1-1ubuntu3.2
  sudo-ldap                       1.8.3p1-1ubuntu3.2

Ubuntu 11.10:
  sudo                            1.7.4p6-1ubuntu2.1
  sudo-ldap                       1.7.4p6-1ubuntu2.1

Ubuntu 11.04:
  sudo                            1.7.4p4-5ubuntu7.2
  sudo-ldap                       1.7.4p4-5ubuntu7.2

Ubuntu 10.04 LTS:
  sudo                            1.7.2p1-1ubuntu5.4
  sudo-ldap                       1.7.2p1-1ubuntu5.4

Ubuntu 8.04 LTS:
  sudo                            1.6.9p10-1ubuntu3.9
  sudo-ldap                       1.6.9p10-1ubuntu3.9

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1442-1
  CVE-2012-2337

Package Information:
  https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.2
  https://launchpad.net/ubuntu/+source/sudo/1.7.4p6-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/sudo/1.7.4p4-5ubuntu7.2
  https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.4
  https://launchpad.net/ubuntu/+source/sudo/1.6.9p10-1ubuntu3.9

Top Authors In Last 30 Days

Red Hat 206 files
Ubuntu 106 files
indoushka 26 files
Debian 22 files
Gentoo 14 files
CraCkEr 13 files
Google Security Research 12 files
Mirabbas Agalarov 9 files
Apple 8 files
Ivan Fratric 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,757)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,858)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,368)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,647)
UNIX (9,245)
UnixWare (186)
Windows (6,557)
Other

Ubuntu Security Notice USN-1442-1

Ubuntu Security Notice USN-1442-1

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-1442-1

Share This

Ubuntu Security Notice USN-1442-1

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems