Vulnerability in Todd_miller Sudo

CVE-2012-0809

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

EPSS: 0.435 (97.6th percentile)

Frequently asked questions

What is CVE-2012-0809?
CVE-2012-0809 is a vulnerability in Todd_miller Sudo, classified under Use of Externally-Controlled Format String. Published 2012-02-01.

Is CVE-2012-0809 known to be exploited?
6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.