CVE-2012-0809
NONE EPSS 85.7%
Published Feb 1, 201214y ago · Modified Jun 16, 20262w ago
Published Feb 1, 2012 14y ago
Last Modified Jun 16, 2026 2w ago
Description
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Threat Intelligence
EPSS Exploit Probability
85.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-134
Affected Products 7
| Vendor | Product | Version | Range |
|---|---|---|---|
| todd_miller | sudo | 1.8.0 | any |
| todd_miller | sudo | 1.8.1 | any |
| todd_miller | sudo | 1.8.1p1 | any |
| todd_miller | sudo | 1.8.1p2 | any |
| todd_miller | sudo | 1.8.2 | any |
| todd_miller | sudo | 1.8.3 | any |
| todd_miller | sudo | 1.8.3p1 | any |
References 4
- archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
- archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
- security.gentoo.org http://security.gentoo.org/glsa/glsa-201203-06.xml
- sudo.ws http://www.sudo.ws/sudo/alerts/sudo_debug.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.