CVE-2012-0809 — Vulnetix

CVE-2012-0809 PUBLISHED CVSS 7.199999809265137 HIGH

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

EPSS 43.47% · 97.6th percentile

Risk Scores

CVSS 2.0

7.199999809265137

EPSS Score

43.47%

97.6th percentile

Affected Products

Vendor	Product	Versions
todd_miller	sudo	1.8.1, 1.8.1p1, 1.8.1p2
n/a	n/a	n/a

Exploit Intelligence

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt (nist-nvd)
http://www.sudo.ws/sudo/alerts/sudo_debug.html (nist-nvd)
CIRCL seen: CVE-2012-0809 (circl-sighting)
GLSA-201203-06 (circl)
20120130 Advisory: sudo 1.8 Format String Vulnerability (circl)
Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit (0day-today)
Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit (0day-today)

Timeline

Feb 1, 2012 CVE Published
May 1, 2013 PoC Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Jul 17, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

GLSA-201203-06 vendor-advisory
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt url
20120130 Advisory: sudo 1.8 Format String Vulnerability mailing-list
http://www.sudo.ws/sudo/alerts/sudo_debug.html url
https://nvd.nist.gov/vuln/detail/CVE-2012-0809 advisory

Open in Interactive Console →