← volver
CVE-2009-0034

CVE-2009-0034

EPSS 0.4%
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.vmware.com/pipermail/security-announce/2009/000060.htmlhttp://osvdb.org/51736https://bugzilla.novell.com/show_bug.cgi?id=468923http://secunia.com/advisories/33753http://secunia.com/advisories/33840http://secunia.com/advisories/33885http://secunia.com/advisories/35766https://issues.rpath.com/browse/RPL-2954https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462http://wiki.rpath.com/Advisories:rPSA-2009-0021http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327