Vulnerability CVE-2012-0809
Published: 2012-01-31   Modified: 2012-02-13

Description:
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

See advisories in our WLB2 database:
Topic
Author
Date
High
sudo_debug 1.8.0-1.8.3p1 format string root exploit
aeon
01.05.2013

Type:

CWE-134

 (Uncontrolled Format String)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Todd miller -> SUDO 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
http://security.gentoo.org/glsa/glsa-201203-06.xml
http://www.sudo.ws/sudo/alerts/sudo_debug.html
Copyright 2025, cxsecurity.com

 

Back to Top