Vulnerability details: VCID-t41x-exhm-aaab
Vulnerability ID VCID-t41x-exhm-aaab
Aliases CVE-2012-0809
Summary Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Status Published
Exploitability 2.0
Weighted Severity 6.5
Risk 10.0
System Score Found at
epss 0.00050 https://api.first.org/data/v1/epss?cve=CVE-2012-0809
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2012-0809
epss 0.50593 https://api.first.org/data/v1/epss?cve=CVE-2012-0809
epss 0.53958 https://api.first.org/data/v1/epss?cve=CVE-2012-0809
epss 0.57797 https://api.first.org/data/v1/epss?cve=CVE-2012-0809
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=784443
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2012-0809
Reference id Reference type URL
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0809.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0809
http://security.gentoo.org/glsa/glsa-201203-06.xml
http://www.sudo.ws/sudo/alerts/sudo_debug.html
657985 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657985
784443 https://bugzilla.redhat.com/show_bug.cgi?id=784443
cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*
CVE-2012-0809 https://nvd.nist.gov/vuln/detail/CVE-2012-0809
CVE-2012-0809;OSVDB-78659 Exploit http://seclists.org/fulldisclosure/2012/Jan/att-590/advisory_sudo.txt
CVE-2012-0809;OSVDB-78659 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/25134.c
GLSA-201203-06 https://security.gentoo.org/glsa/201203-06
OSVDB-78659;CVE-2012-0809 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18436.txt
Data source Exploit-DB
Date added May 1, 2013
Description sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Ransomware campaign use Known
Source publication date May 1, 2013
Exploit type local
Platform linux
Source update date June 21, 2017
Source URL http://seclists.org/fulldisclosure/2012/Jan/att-590/advisory_sudo.txt
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0809
Access Vector (AV): local
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): complete
Integrity Impact (I): complete
Availability Impact (A): complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.20394
EPSS Score 0.00050
Published At Nov. 18, 2024, midnight