CVE-2012-0809

Publication date 1 February 2012

Last updated 24 July 2024


Ubuntu priority

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
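The bug class described above, as an added example (not sudo's code and not from this advisory): a debug helper that splices the program name into its format string, beside a form that passes the name only as a `%s` argument. The helper names, signatures and the constructed `x%%y` probe name are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical debug helpers for illustration; not taken from the sudo source.
 * UNSAFE: progname is spliced into the format string, so any '%' sequence in
 * it is interpreted by vsnprintf() against the caller's argument list. */
static int debug_unsafe(char *out, size_t len, const char *progname,
                        const char *fmt, ...)
{
    char fmt2[256];
    va_list ap;
    int n;
    snprintf(fmt2, sizeof(fmt2), "%s: %s", progname, fmt);
    va_start(ap, fmt);
    n = vsnprintf(out, len, fmt2, ap);
    va_end(ap);
    return n;
}

/* SAFE: progname is only ever an argument to a constant "%s" format; the
 * caller's format string is expanded on its own. */
static int debug_safe(char *out, size_t len, const char *progname,
                      const char *fmt, ...)
{
    va_list ap;
    int n, m;
    n = snprintf(out, len, "%s: ", progname);
    if (n < 0 || (size_t)n >= len)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, len - (size_t)n, fmt, ap);
    va_end(ap);
    return m < 0 ? -1 : n + m;
}

/* Constructed probe: "%%" takes no argument, so it is defined in both helpers. */
static const char *render(int safe, const char *progname)
{
    static char buf[128];
    (safe ? debug_safe : debug_unsafe)(buf, sizeof(buf), progname, "uid=%d", 1000);
    return buf;
}

int main(void)
{
    puts(render(0, "x%%y"));  /* name treated as format */
    puts(render(1, "x%%y"));  /* name treated as data */
    return 0;
}
```

A name that comes back altered by the unsafe helper shows it was parsed as a format string; the safe helper returns it byte for byte.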


Status

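| Package | Ubuntu Release | Status |
|---------|----------------|--------|
| sudo | 12.04 LTS precise | Fixed 1.8.3p1-1ubuntu3 |
| sudo | 11.10 oneiric | Not affected |
| sudo | 11.04 natty | Not affected |
| sudo | 10.10 maverick | Not affected |
| sudo | 10.04 LTS lucid | Not affected |
| sudo | 8.04 LTS hardy | Not affected |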

Notes


jdstrand

per upstream, introduced in 1.8, so only 12.04 affected

-D_FORTIFY_SOURCE=2 in combination with ASLR and NX should adequately protect against this until an update is provided