CVE-2009-0034
CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.vmware.com/pipermail/security-announce/2009/000060.htmlhttp://osvdb.org/51736https://bugzilla.novell.com/show_bug.cgi?id=468923http://secunia.com/advisories/33753http://secunia.com/advisories/33840http://secunia.com/advisories/33885http://secunia.com/advisories/35766https://issues.rpath.com/browse/RPL-2954https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462http://wiki.rpath.com/Advisories:rPSA-2009-0021http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327