Home > Vulnerability Database > CVE-2012-0809

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2012-0809

Date: January 31, 2012

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Severity Score

8.4

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2012-0809

Url: http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html

Url: http://www.sudo.ws/sudo/alerts/sudo_debug.html

Url: http://security.gentoo.org/glsa/glsa-201203-06.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0809

Url: http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0809

Url: https://www.mend.io/vulnerability-database/CVE-2012-0809

Severity Score

8.4

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us