7.8

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Data provided by the National Vulnerability Database (NVD)
Gratisoft Sudo Version 1.6.9 Update p17
Gratisoft Sudo Version 1.6.9 Update p18
Gratisoft Sudo Version 1.6.9 Update p19
VMware Esx Version 4.0
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.05% | 0.147
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.9 | 3.4 | 10 | AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.securityfocus.com/archive/1/500546/100/0/threaded (Third Party Advisory, Broken Link, VDB Entry)
http://www.securityfocus.com/archive/1/504849/100/0/threaded (Third Party Advisory, Broken Link, VDB Entry)
http://www.securityfocus.com/bid/33517 (Third Party Advisory, Broken Link, VDB Entry)
http://www.securitytracker.com/id?1021688 (Third Party Advisory, Broken Link, VDB Entry)
https://bugzilla.novell.com/show_bug.cgi?id=468923 (Issue Tracking, Permissions Required)