Vulnerability Name:

CVE-2012-0809 (CCN-72781)

Assigned:2012-01-30
Published:2012-01-30
Updated:2018-01-05
Summary:Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-134
Vulnerability Consequences:Gain Access
References:Source: FULLDISC
Type: UNKNOWN
20120130 Advisory: sudo 1.8 Format String Vulnerability

Source: MISC
Type: Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt

Source: MITRE
Type: CNA
CVE-2012-0809

Source: CCN
Type: SA47743
sudo "sudo_debug()" Format String Privilege Escalation Vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-201203-06

Source: CCN
Type: OSVDB ID: 78659
sudo src/sudo.c sudo_debug() Function Format String Local Privilege Escalation

Source: CCN
Type: BID-51719
Todd Miller Sudo 'Sudo_Debug()' Path Resolution Local Privilege Escalation Vulnerability

Source: CCN
Type: Sudo Web site
Sudo format string vulnerability

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://www.sudo.ws/sudo/alerts/sudo_debug.html

Source: CCN
Type: Red Hat Bugzilla Bug 784443
CVE-2012-0809 sudo: format string flaw in sudo_debug()

Source: XF
Type: UNKNOWN
sudo-sudodebug-format-string(72781)

Source: CCN
Type: Packet Storm Security [05-01-2013]
sudo 1.8.3p1 Local Root

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-31-2012]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-01-2013]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sudo_project:sudo:1.8.21:p2:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20120809
    V
    		CVE-2012-0809
    2013-08-14
    BACK
    todd_miller sudo 1.8.0
    todd_miller sudo 1.8.1
    todd_miller sudo 1.8.1p1
    todd_miller sudo 1.8.1p2
    todd_miller sudo 1.8.2
    todd_miller sudo 1.8.3
    todd_miller sudo 1.8.3p1
    sudo_project sudo 1.8.21 p2
    todd_miller sudo 1.8.1
    todd_miller sudo 1.8.2
    todd_miller sudo 1.8.3
    todd_miller sudo 1.8.3p1