CVE-2009-0034
published 2009-01-30CVE-2009-0034: parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Affected
124 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.6.9p17-2 (bookworm) | sudo 1.6.9p17-2 (bookworm) |
| debian | sudo | — | — |
| gratisoft | sudo | — | — |
| sudo_project | sudo | >= 0 < 1.6.9p17-2 | 1.6.9p17-2 |
| sudo_project | sudo | >= 0 < 1.6.9p17-2 | 1.6.9p17-2 |
| sudo_project | sudo | >= 0 < 1.6.9p17-2 | 1.6.9p17-2 |
| sudo_project | sudo | >= 0 < 1.6.9p17-2 | 1.6.9p17-2 |
| todd_miller | sudo | <= 1.7.4p5 | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH