CVE-2012-0809

Summary

CVE	CVE-2012-0809
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-02-01 00:55:00 UTC
Updated	2018-01-05 02:29:00 UTC
Description	Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Risk And Classification

Problem Types: CWE-134

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Todd Miller	Sudo	1.8.0	All	All	All
Application	Todd Miller	Sudo	1.8.1	All	All	All
Application	Todd Miller	Sudo	1.8.1p1	All	All	All
Application	Todd Miller	Sudo	1.8.1p2	All	All	All
Application	Todd Miller	Sudo	1.8.2	All	All	All
Application	Todd Miller	Sudo	1.8.3	All	All	All
Application	Todd Miller	Sudo	1.8.3p1	All	All	All
Application	Todd Miller	Sudo	1.8.0	All	All	All
Application	Todd Miller	Sudo	1.8.1	All	All	All
Application	Todd Miller	Sudo	1.8.1p1	All	All	All
Application	Todd Miller	Sudo	1.8.1p2	All	All	All
Application	Todd Miller	Sudo	1.8.2	All	All	All
Application	Todd Miller	Sudo	1.8.3	All	All	All
Application	Todd Miller	Sudo	1.8.3p1	All	All	All

References

Reference	Source	Link	Tags
Gentoo Linux Documentation -- sudo: Privilege escalation	GENTOO	security.gentoo.org
NEOHAPSIS - Peace of Mind Through Integrity and Insight	FULLDISC	archives.neohapsis.com
Sudo format string vulnerability	CONFIRM	www.sudo.ws	Exploit, Vendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt	MISC	archives.neohapsis.com	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.