CVE-2012-0809
Publication date 1 February 2012
Last updated 24 July 2024
Ubuntu priority
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Status
Package | Ubuntu Release | Status |
---|---|---|
sudo | 12.04 LTS precise |
Fixed 1.8.3p1-1ubuntu3
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
Notes
jdstrand
per upstream, introduced in 1.8, so only 12.04 affected -D_FORTIFY_SOURCE=2 in combination with ASLR and NX should adequately protect against this until an update is provided