From the upstream advisory at $URL:

Sudo versions affected: 1.8.0 through 1.8.3p1 inclusive. Older versions of sudo are not affected.

Details: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudo_debug() function contains a flaw where the program name is used as part of the format string passed to the fprintf() function. The program name can be controlled by the caller, either via a symbolic link or, on some systems, by setting argv[0] when executing sudo. For example:

    $ ln -s /usr/bin/sudo ./%s
    $ ./%s -D9
    Segmentation fault

Using standard format string vulnerability exploitation techniques it is possible to leverage this bug to achieve root privileges.

Fix: The bug is fixed in sudo 1.8.3p2. Sudo version 1.8.3p1 may be updated to version 1.8.3p2 via the file sudo-1.8.3p2.patch.gz. For sudo versions 1.8.0-1.8.3, the patch to sudo.c in sudo-1.8.3p2.patch.gz will also apply.
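An added example, not part of the advisory or of sudo's source: a minimal C comparison of the flawed pattern the advisory describes (program name spliced into the format string) with one way to avoid it (program name passed as an argument to a constant format). The function names, buffers and the program name `100%%` are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char unsafe_out[128], safe_out[128];   /* demo buffers (constructed) */

/* Flawed pattern: the program name becomes part of the format string, so any
 * '%' in it is interpreted as a conversion. Kept only for comparison. */
static int debug_unsafe(char *out, size_t n, const char *progname,
                        const char *fmt, ...)
{
    char fmt2[256];
    va_list ap;
    int len;

    snprintf(fmt2, sizeof(fmt2), "%s: %s\n", progname, fmt);
    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt2, ap);   /* progname is now format text */
    va_end(ap);
    return len;
}

/* Hardened pattern: expand the caller's format first, then emit the program
 * name as data through a constant format string. */
static int debug_safe(char *out, size_t n, const char *progname,
                      const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);
    va_end(ap);
    return snprintf(out, n, "%s: %s\n", progname, msg);
}

int main(void)
{
    /* Constructed program name. "%%" takes no argument, so the flawed path
     * stays well defined while still showing the name being interpreted. */
    const char *progname = "100%%";

    debug_unsafe(unsafe_out, sizeof(unsafe_out), progname, "opened %d fds", 3);
    debug_safe(safe_out, sizeof(safe_out), progname, "opened %d fds", 3);
    printf("unsafe: %ssafe:   %s", unsafe_out, safe_out);
    return 0;
}
```

The flawed version collapses `%%` in the name to a single `%`, which shows the name being parsed as a format; the hardened version reproduces the name byte for byte.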
1.8.3_p2 now in the tree
(In reply to comment #1)
> 1.8.3_p2 now in the tree

Thanks Mike. Arches, please test and mark stable:
=app-admin/sudo-1.8.3_p2
Target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
amd64 stable
x86 stable
Stable for HPPA.
ppc done
alpha/arm/ia64/m68k/s390/sh/sparc stable
CVE-2012-0809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0809): Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
ppc64 done
Thanks, everyone. Already on existing GLSA draft.
This issue was resolved and addressed in GLSA 201203-06 at http://security.gentoo.org/glsa/glsa-201203-06.xml by GLSA coordinator Sean Amoss (ackle).