CVE-2012-0809

Name of the Vulnerable Software and Affected Versions sudo versions 1.8.0 through 1.8.3p1 sudo version 1.8.3 p2 and earlier

Description The issue concerns multiple vulnerabilities in the sudo package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. A format string vulnerability in the sudo debug function allows local users to execute arbitrary code via format string sequences in the program name for sudo.

Recommendations For versions 1.8.0 through 1.8.3p1, update to version 1.8.3 p2 or later to resolve the issue. For version 1.8.3 p2 and earlier, update to version 1.8.3 p2 or later to resolve the issue. As a temporary workaround, consider restricting access to the sudo function to minimize the risk of exploitation.