parse.c in sudo 1.6.9p17 up to and including 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gratisoft sudo 1.6.9 |
||
vmware esx 4.0 |