CVE-2012-0809 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-0809 PUBLISHED CVSS 7.199999809265137 HIGH

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

EPSS 45.60% · 97.6th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

45.60%

97.6th percentile

Affected Products

Vendor	Product	Versions
todd_miller	sudo	1.8.3p1, 1.8.0, 1.8.1
n/a	n/a	n/a

Timeline

Feb 1, 2012 CVE Published
May 1, 2013 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Jul 17, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

GLSA-201203-06 vendor-advisory
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt url
20120130 Advisory: sudo 1.8 Format String Vulnerability mailing-list
http://www.sudo.ws/sudo/alerts/sudo_debug.html url
https://nvd.nist.gov/vuln/detail/CVE-2012-0809 advisory

Open in Interactive Console →