1
Candidate: CVE-2012-0809
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0809
5
http://www.gratisoft.us/sudo/alerts/sudo_debug.html
7
Format string vulnerability in the sudo_debug function in Sudo 1.8.0
8
through 1.8.3p1 allows local users to execute arbitrary code via format
9
string sequences in the program name for sudo.
12
jdstrand> per upstream, introduced in 1.8, so only 12.04 affected
13
jdstrand> -D_FORTIFY_SOURCE=2 in combination with ASLR and NX should
14
adequately protect against this until an update is provided
20
Tags_sudo_precise: fortify-source
22
upstream_sudo: released (1.8.3p2)
23
hardy_sudo: not-affected
24
lucid_sudo: not-affected
25
maverick_sudo: not-affected
26
natty_sudo: not-affected
27
oneiric_sudo: not-affected (1.7.4p6-1ubuntu2)
28
devel_sudo: released (1.8.3p1-1ubuntu3)