Not sure how much testing anyone else has done (and it warrants more
testing), but I just tested this on a rather out-of-date machine
running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force
prevention enabled, and not only was the vulnerability not successful,
I was locked out from all execution under my UID for 15 minutes -
couldn't even su over from root. Definite win for hardened!
01-31-2012, 02:19 PM
Javier Juan Martínez Cabezón
New sudo format string vuln
Systems compiled with -D_Fortify_source=2 are not vulnerable. If I'm not wrong it's a format string vulnerability.
2012/1/31 RB <aoz.syn@gmail.com>
> Not sure how much testing anyone else has done (and it warrants more
> testing), but I just tested this on a rather out-of-date machine
> running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force
> prevention enabled, and not only was the vulnerability not successful,
> I was locked out from all execution under my UID for 15 minutes -
> couldn't even su over from root. Definite win for hardened!
01-31-2012, 04:29 PM
Agostino Sarubbo
New sudo format string vuln
On Tuesday 31 January 2012 16:19:53 Javier Juan Martínez Cabezón wrote:
> Systems compiled with -D_Fortify_source=2 are not vulnerable. If I'm not
> wrong it's a format string vulnerability.
Not very sure about it. From the original advisory:
The above example shows the result of FORTIFY_SOURCE which makes exploitation
painful but not impossible (see [0]). Without FORTIFY_SOURCE the exploit is
straightforward.