
CVE-2012-0809

Date: (C)2012-01-31   (M)2015-12-16 


Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

CVSS Score: 7.2
Exploit Score: 3.9
Impact Score: 10.0
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE





Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
http://www.sudo.ws/sudo/alerts/sudo_debug.html

CPE    7
cpe:/a:todd_miller:sudo:1.8.2
cpe:/a:todd_miller:sudo:1.8.1
cpe:/a:todd_miller:sudo:1.8.3
cpe:/a:todd_miller:sudo:1.8.0
...
CWE    1
CWE-134
OVAL    2
oval:org.secpod.oval:def:103424
oval:org.secpod.oval:def:103978

© 2013 SecPod Technologies