CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-0809

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.54

EPSS Ranking 97.8%

CVSS Severity

CVSS v2 Score 7.2

References

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
http://security.gentoo.org/glsa/glsa-201203-06.xml
http://www.sudo.ws/sudo/alerts/sudo_debug.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
http://security.gentoo.org/glsa/glsa-201203-06.xml
http://www.sudo.ws/sudo/alerts/sudo_debug.html

Products affected by CVE-2012-0809

Todd Miller » Sudo » Version: 1.8.0

cpe:2.3:a:todd_miller:sudo:1.8.0
Todd Miller » Sudo » Version: 1.8.1

cpe:2.3:a:todd_miller:sudo:1.8.1
Todd Miller » Sudo » Version: 1.8.1p1

cpe:2.3:a:todd_miller:sudo:1.8.1p1
Todd Miller » Sudo » Version: 1.8.1p2

cpe:2.3:a:todd_miller:sudo:1.8.1p2
Todd Miller » Sudo » Version: 1.8.2

cpe:2.3:a:todd_miller:sudo:1.8.2
Todd Miller » Sudo » Version: 1.8.3

cpe:2.3:a:todd_miller:sudo:1.8.3
Todd Miller » Sudo » Version: 1.8.3p1

cpe:2.3:a:todd_miller:sudo:1.8.3p1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-0809

Products

Pricing

Contact Us