7.8

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GratisoftSudo Version1.6.9 Updatep17
GratisoftSudo Version1.6.9 Updatep18
GratisoftSudo Version1.6.9 Updatep19
VMwareEsx Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.322
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://lists.vmware.com/pipermail/security-announce/2009/000060.html
Broken Link
http://osvdb.org/51736
Broken Link
http://secunia.com/advisories/33753
Not Applicable
http://secunia.com/advisories/33840
Not Applicable
http://secunia.com/advisories/33885
Not Applicable
http://secunia.com/advisories/35766
Not Applicable
http://wiki.rpath.com/Advisories:rPSA-2009-0021
Broken Link
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327
Product
Release Notes
http://www.mandriva.com/security/advisories?name=MDVSA-2009:033
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0267.html
Not Applicable
http://www.securityfocus.com/archive/1/500546/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/504849/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/33517
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1021688
Third Party Advisory
Broken Link
VDB Entry
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h
Broken Link
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1865
Permissions Required
https://bugzilla.novell.com/show_bug.cgi?id=468923
Issue Tracking
Permissions Required
https://issues.rpath.com/browse/RPL-2954
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462
Broken Link