Published: 01/02/2012 Updated: 05/01/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 up to and including 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Vulnerable Product	Search on Vulmon	Subscribe to Product
todd miller sudo 1.8.0
todd miller sudo 1.8.2
todd miller sudo 1.8.1p2
todd miller sudo 1.8.3p1
todd miller sudo 1.8.3
todd miller sudo 1.8.1p1
todd miller sudo 1.8.1

Debian Bug report logs - #673766 CVE-2012-2337: IP addresses in sudoers with netmask may match additional hosts Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 21 May 2012 10:09 ...

Debian Bug report logs - #657985 sudo: 18 Format String Vulnerability Package: src:sudo; Maintainer for src:sudo is Bdale Garbee <bdale@gagcom>; Reported by: Henri Salo <henri@nervfi> Date: Mon, 30 Jan 2012 15:30:01 UTC Severity: serious Tags: help, patch, security Merged with 658041 Found in version sudo/183p1 ...

sudo versions 180 through 183p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass ...

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--++> [ Authors ] joernchen <joernchen () phenoelit de> Phenoelit Group (wwwphenoelitde) [ Affected Products ] sudo 180 - 183p1 (sudows) [ Vendor communication ] 2012-01-24 Send vulnerability details to sudo maintain ...

/* death-starc sudo v180-183p1 (sudo_debug) format string root exploit + glibc FORTIFY_SOURCE bypass by aeon - infosecabsurditywordpresscom/ This PoC exploits: - CVE-2012-0864 - FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow - CVE-2012-0809 - sudo v180-183p1 "sudo_debug" format string Tested ...

Practiced several system security exploits with C language in a specific Linux image, most of which aim to achieve root privileges or tamper with some data, breaking the integrity or/and the confidentiality of the system. Some general techniques applied to the vulnerable custom programs include stack overflow, integer overflow, format string tri…

System-Security-Exploit-Practice Practiced several system security exploits with C language in a specific Linux image Origin, most of which aim to achieve root privileges or tamper with some data, breaking the integrity or/and the confidentiality of the system Some general techniques applied to the vulnerable custom programs include buffer overflow, integer overflow, format

CWE-134 http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html http://www.sudo.ws/sudo/alerts/sudo_debug.html http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt http://security.gentoo.org/glsa/glsa-201203-06.xml https://nvd.nist.gov https://github.com/Hanc1999/System-Security-Exploit-Practice https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673766 https://www.exploit-db.com/exploits/18436/

CVE-2012-0809

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect