CVE-2012-0809

Published: Feb 1, 2012Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Affected (7)

Products: Todd Miller: Sudo

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Todd Miller Sudo	Version 1.8.0
Todd Miller Sudo	Version 1.8.1
Todd Miller Sudo	Version 1.8.1p1
Todd Miller Sudo	Version 1.8.1p2
Todd Miller Sudo	Version 1.8.2
Todd Miller Sudo	Version 1.8.3
Todd Miller Sudo	Version 1.8.3p1

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (8)

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt

Source: secalert@redhat.com

Exploit

http://security.gentoo.org/glsa/glsa-201203-06.xml

Source: secalert@redhat.com

http://www.sudo.ws/sudo/alerts/sudo_debug.html

Source: secalert@redhat.com

ExploitVendor Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://security.gentoo.org/glsa/glsa-201203-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sudo.ws/sudo/alerts/sudo_debug.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.