CVE-2012-0809

NONE EPSS 85.7%
Published Feb 1, 201214y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 1, 2012 14y ago
Last Modified Jun 16, 2026 2w ago

Description

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Threat Intelligence

EPSS Exploit Probability
85.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-134

Affected Products 7

VendorProductVersionRange
todd_millersudo1.8.0any
todd_millersudo1.8.1any
todd_millersudo1.8.1p1any
todd_millersudo1.8.1p2any
todd_millersudo1.8.2any
todd_millersudo1.8.3any
todd_millersudo1.8.3p1any

References 4

  • archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
  • archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
    Exploit
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201203-06.xml
  • sudo.ws http://www.sudo.ws/sudo/alerts/sudo_debug.html
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.