Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.2
CVE Id: CVE-2012-0809
Last Modified: 01 Feb 2012 12:00:00
Published: 31 Jan 2012 07:55:02
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-0809

Summary

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.8.0
  • Todd Miller Sudo 1.8.1
  • Todd Miller Sudo 1.8.1p1
  • Todd Miller Sudo 1.8.1p2
  • Todd Miller Sudo 1.8.2
  • Todd Miller Sudo 1.8.3
  • Todd Miller Sudo 1.8.3p1


References

CONFIRM - http://www.sudo.ws/sudo/alerts/sudo_debug.html

MISC - http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt

FULLDISC - 20120130 Advisory: sudo 1.8 Format String Vulnerability


Last Updated: 27 May 2016 10:57:24