Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
614
VMScore

CVE-2009-0034

Published: 30/01/2009 Updated: 12/01/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Gratisoft

Vulnerability Summary

parse.c in sudo 1.6.9p17 up to and including 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

Vulnerable Product Search on Vulmon Subscribe to Product

gratisoft sudo 1.6.9

vmware esx 4.0

Vendor Advisories

Red Hat: Moderate: sudo security update
Synopsis Moderate: sudo security update Type/Severity Security Advisory: Moderate Topic An updated sudo package to fix a security issue is now available for RedHat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...
Ubuntu Security Notice: sudo vulnerability
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups If a local attacker belonged to a group included in a “RunAs” list in the /etc/sudoers file, that user could gain root privileges This was not an issue for the default sudoers file shipped with Ubuntu ...

References

CWE-863https://issues.rpath.com/browse/RPL-2954http://www.securityfocus.com/bid/33517https://bugzilla.novell.com/show_bug.cgi?id=468923http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327http://wiki.rpath.com/Advisories:rPSA-2009-0021http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=hhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:033http://secunia.com/advisories/33753http://secunia.com/advisories/33885http://www.redhat.com/support/errata/RHSA-2009-0267.htmlhttp://osvdb.org/51736http://www.securitytracker.com/id?1021688http://secunia.com/advisories/33840http://www.vupen.com/english/advisories/2009/1865http://www.vmware.com/security/advisories/VMSA-2009-0009.htmlhttp://secunia.com/advisories/35766http://lists.vmware.com/pipermail/security-announce/2009/000060.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856http://www.securityfocus.com/archive/1/504849/100/0/threadedhttp://www.securityfocus.com/archive/1/500546/100/0/threadedhttps://access.redhat.com/errata/RHSA-2009:0267https://usn.ubuntu.com/722-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook