CVE-2009-0034
moderate-risk
Published 2009-01-30
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (4)
References (42)
Broken Link
http://osvdb.org/51736
Not Applicable
http://secunia.com/advisories/33753
Not Applicable
http://secunia.com/advisories/33840
Not Applicable
http://secunia.com/advisories/33885
Not Applicable
http://secunia.com/advisories/35766
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0021
Not Applicable
http://www.redhat.com/support/errata/RHSA-2009-0267.html
Broken Link
http://www.securityfocus.com/bid/33517
Broken Link
http://www.securitytracker.com/id?1021688
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
Permissions Required
http://www.vupen.com/english/advisories/2009/1865
Issue Tracking
https://bugzilla.novell.com/show_bug.cgi?id=468923
Broken Link
https://issues.rpath.com/browse/RPL-2954
and 22 more references
34
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
10/34 · Low