Format string vulnerability in sudo

[Security] Posted Jan 30, 2012 21:54 UTC (Mon) by corbet

The sudo utility (version 1.8.0 and later) suffers from a format string vulnerability that can be easily shown to crash the program. There do not appear to be any publicly-posted privilege escalation exploits at this time, but that does not mean that such exploits do not exist. An update to version 1.8.3p2 in the near future is probably a good idea; expect advisories from the distributors in the near future.

Comments (31 posted)