Main Vulnerability Database Exploits ID:3665 - Exploit for Format string error in Sudo - CVE-2012-0809

ID:3665 - Exploit for Format string error in Sudo - CVE-2012-0809

Published: July 29, 2020

Vulnerability identifier: #VU32823

Vulnerability risk: Low

CVE-ID: CVE-2012-0809

CWE-ID: CWE-134

Exploitation vector: Local access

Vulnerable software:
Sudo

Link to public exploit:

https://www.exploit-db.com/exploits/18436/

Vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Remediation

Install update from vendor's website.

ID:3665 - Exploit for Format string error in Sudo - CVE-2012-0809

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human