Not sure how much testing anyone else has done (and it warrants more testing), but I just tested this on a rather out-of-date machine running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force prevention enabled, and not only was the vulnerability not successful, I was locked out from all execution under my UID for 15 minutes - couldn't even su over from root. Definite win for hardened!
