Systems compiled with -D_FORTIFY_SOURCE=2 are not vulnerable. If I'm not wrong, it's a format string vulnerability.
2012/1/31 RB <[email protected]>
> Not sure how much testing anyone else has done (and it warrants more
> testing), but I just tested this on a rather out-of-date machine
> running hardened-sources-3.0.4 and sudo-1.8.2-r1. I had brute-force
> prevention enabled, and not only was the vulnerability not successful,
> I was locked out from all execution under my UID for 15 minutes -
> couldn't even su over from root. Definite win for hardened!
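
The format string bug class the reply refers to, as an added example (not part of the original thread and not sudo's code): a logging helper that pastes a caller-controlled name into its format string, next to the form that keeps the name as data. The function names and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE shape: the caller-controlled name becomes part of the format
 * string, so any '%' directives in it are interpreted by vsnprintf(). */
int debug_unsafe(char *out, size_t outsz, const char *name, const char *fmt, ...)
{
    char fmt2[256];
    va_list ap;
    int n;

    snprintf(fmt2, sizeof(fmt2), "%s: %s", name, fmt);
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt2, ap);   /* fmt2 is attacker-influenced */
    va_end(ap);
    return n;
}

/* HARDENED shape: the name is only ever data for a constant "%s"; only the
 * trusted, compile-time fmt reaches vsnprintf() as a format. */
int debug_safe(char *out, size_t outsz, const char *name, const char *fmt, ...)
{
    va_list ap;
    int used, n;

    used = snprintf(out, outsz, "%s: ", name);
    if (used < 0 || (size_t)used >= outsz)
        return -1;                         /* prefix truncated or failed */
    va_start(ap, fmt);
    n = vsnprintf(out + used, outsz - (size_t)used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outsz - (size_t)used)
        return -1;                         /* message truncated or failed */
    return used + n;
}

int main(void)
{
    char buf[128];
    const char *hostile = "%x.%x.%s";      /* constructed sample input */

    /* debug_unsafe() is deliberately not called with the hostile name. */
    if (debug_safe(buf, sizeof(buf), hostile, "settings: %d\n", 3) > 0)
        fputs(buf, stdout);
    return 0;
}
```

Built with `-O2 -D_FORTIFY_SOURCE=2` against glibc, a `%n` directive in a writable format string such as `fmt2` aborts the process at run time; keeping untrusted text out of the format argument removes the bug itself.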
