FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- format string vulnerability

Affected packages
1.8.0 <= sudo < 1.8.3_2

Details

VuXML ID 7c920bb7-4b5f-11e1-9f47-00e0815b8da8
Discovery 2012-01-30
Entry 2012-01-30
Modified 2012-01-31

Todd Miller reports:

Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudo_debug() function contains a flaw where the program name is used as part of the format string passed to the fprintf() function. The program name can be controlled by the caller, either via a symbolic link or, on some systems, by setting argv[0] when executing sudo.

Using standard format string vulnerability exploitation techniques it is possible to leverage this bug to achieve root privileges.

Exploitation of the bug does not require that the attacker be listed in the sudoers file. As such, we strongly suggest that affected sites upgrade from affected sudo versions as soon as possible.
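
The class of flaw described in the report, shown next to its hardened form. This is an added example, not part of the advisory and not sudo's source code: the function names (count_directives, flawed_build, safe_debug) and the program name "%d%d" are constructed for illustration. The flawed helper only builds the format string and counts the directives in it, so nothing caller-controlled is ever interpreted as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count printf directives in a format string; "%%" is a literal percent. */
static int count_directives(const char *fmt)
{
    int n = 0;
    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        if (fmt[1] == '%')
            fmt++;              /* escaped percent, not a directive */
        else
            n++;
    }
    return n;
}

/* Flawed pattern: the program name is pasted into the format string itself.
 * Returns how many directives the printf family would then interpret. */
static int flawed_build(char *out, size_t len, const char *prog, const char *fmt)
{
    snprintf(out, len, "%s: %s\n", prog, fmt);
    return count_directives(out);
}

/* Hardened pattern: the program name is only data for a fixed "%s";
 * the developer-supplied format reaches vsnprintf unchanged. */
static int safe_debug(char *out, size_t len, const char *prog, const char *fmt, ...)
{
    va_list ap;
    int off = snprintf(out, len, "%s: ", prog);
    if (off < 0 || (size_t)off >= len)
        return -1;
    va_start(ap, fmt);
    vsnprintf(out + off, len - (size_t)off, fmt, ap);
    va_end(ap);
    return 0;
}

int main(void)
{
    char buf[128];
    printf("name sudo: %d directives\n", flawed_build(buf, sizeof buf, "sudo", "%s=%s"));
    printf("name %%d%%d: %d directives\n", flawed_build(buf, sizeof buf, "%d%d", "%s=%s"));
    safe_debug(buf, sizeof buf, "%d%d", "%s=%s", "a", "b");
    puts(buf);                  /* name appears verbatim, arguments line up */
    return 0;
}
```

Building with -Wformat -Wformat-security (GCC or Clang) flags calls whose format argument is not a string literal, which is how this pattern is usually caught in review.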

References

CVE Name CVE-2012-0809
URL http://www.gratisoft.us/sudo/alerts/sudo_debug.html