Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2009-0034
Last Modified: 21 Aug 2010 01:29:36
Published: 30 Jan 2009 02:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0034

Summary

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.6.9 P17

  • Todd Miller Sudo 1.6.9 P18

  • Todd Miller Sudo 1.6.9 P19


References

CONFIRM - https://issues.rpath.com/browse/RPL-2954

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=468923

VUPEN - ADV-2009-1865

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0009.html

CONFIRM - http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h

SECTRACK - 1021688

BID - 33517

BUGTRAQ - 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

BUGTRAQ - 20090129 rPSA-2009-0021-1 sudo

REDHAT - RHSA-2009:0267

MANDRIVA - MDVSA-2009:033

CONFIRM - http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0021

SECUNIA - 35766

SECUNIA - 33885

SECUNIA - 33840

SECUNIA - 33753

OSVDB - 51736

MLIST - [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl


Last Updated: 27 May 2016 10:49:33