Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:079 (sudo)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72052

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:079 (sudo)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to sudo
announced via advisory MDVSA-2012:079.

A vulnerability has been found and corrected in sudo:

A flaw exists in the IP network matching code in sudo versions 1.6.9p3
through 1.8.4p4 that may result in the local host being matched
even though it is not actually part of the network described by the
IP address and associated netmask listed in the sudoers file or in
LDAP. As a result, users authorized to run commands on certain IP
networks may be able to run commands on hosts that belong to other
networks not explicitly listed in sudoers (CVE-2012-2337

The updated packages have been patched to correct this issue.

Affected: 2010.1, 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:079
http://www.sudo.ws/sudo/alerts/netmask.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2337
1027077
http://www.securitytracker.com/id?1027077
49219
http://secunia.com/advisories/49219
49244
http://secunia.com/advisories/49244
49291
http://secunia.com/advisories/49291
49948
http://secunia.com/advisories/49948
DSA-2478
http://www.debian.org/security/2012/dsa-2478
FEDORA-2012-7998
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html
MDVSA-2012:079
http://www.mandriva.com/security/advisories?name=MDVSA-2012:079
http://www.sudo.ws/sudo/alerts/netmask.html
https://bugzilla.redhat.com/show_bug.cgi?id=820677
https://www.suse.com/security/cve/CVE-2012-2337/

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72052
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:079 (sudo)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sudo announced via advisory MDVSA-2012:079. A vulnerability has been found and corrected in sudo: A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers (CVE-2012-2337 The updated packages have been patched to correct this issue. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:079 http://www.sudo.ws/sudo/alerts/netmask.html Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2337 1027077 http://www.securitytracker.com/id?1027077 49219 http://secunia.com/advisories/49219 49244 http://secunia.com/advisories/49244 49291 http://secunia.com/advisories/49291 49948 http://secunia.com/advisories/49948 DSA-2478 http://www.debian.org/security/2012/dsa-2478 FEDORA-2012-7998 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html MDVSA-2012:079 http://www.mandriva.com/security/advisories?name=MDVSA-2012:079 http://www.sudo.ws/sudo/alerts/netmask.html https://bugzilla.redhat.com/show_bug.cgi?id=820677 https://www.suse.com/security/cve/CVE-2012-2337/
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com