Release date:
Updated on:
Affected Systems:
Todd Miller Sudo 1.8.3p1
Todd Miller Sudo 1.8.3
Todd Miller Sudo 1.8.2
Todd Miller Sudo 1.8.1
Todd Miller Sudo 1.8
Unaffected system:
Todd Miller Sudo 1.8.3p2
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 51719
CVE ID: CVE-2012-0809
Sudo is a tool that lets system administrators allow ordinary users to run some or all commands as root, reducing the time spent logging in and administering as root and improving security.
Todd Miller's sudo has a vulnerability in the implementation of the sudo_debug() function. The program name is used as a format string and passed to the fprintf() function, and the program name can be controlled by the calling program. Local attackers can exploit this vulnerability to execute arbitrary code with root privileges and take complete control of affected computers.
<* Source: joernchen
Link: http://www.sudo.ws/sudo/alerts/sudo_debug.html
*>
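The class of bug described above, as an added example that is not sudo's own code: a debug helper that splices a caller-controlled program name into the format string, beside a version that passes the name only as a %s argument. The function names and the sample program name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; constructed for illustration. */

/* Vulnerable pattern: the caller-controlled program name is spliced into
 * the format string, so any '%' in it is interpreted as a conversion. */
int debug_unsafe(char *out, size_t n, const char *progname,
                 const char *fmt, ...)
{
    char fmt2[256];
    va_list ap;
    int r;

    snprintf(fmt2, sizeof fmt2, "%s: %s", progname, fmt);
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt2, ap);   /* progname is now format text */
    va_end(ap);
    return r;
}

/* Hardened pattern: the program name is only ever a "%s" argument; the
 * trusted format is expanded separately. */
int debug_safe(char *out, size_t n, const char *progname,
               const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    return snprintf(out, n, "%s: %s", progname, msg);
}

int main(void)
{
    /* Constructed input: "%%" is a harmless conversion that consumes no
     * argument, enough to show whether the name is being interpreted. */
    const char *name = "prog%%name";
    char a[128], b[128];

    debug_unsafe(a, sizeof a, name, "level %d", 1);
    debug_safe(b, sizeof b, name, "level %d", 1);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

In the unsafe helper the name comes out altered because printf parsed it; in the safe helper it is reproduced byte for byte.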
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Todd Miller
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.sudo.ws/sudo/dist/