CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
gratisoftsudo
1.6.9:p17
gratisoftsudo
1.6.9:p18
gratisoftsudo
1.6.9:p19
vmwareesx
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bullseye (security)
1.9.5p2-3+deb11u1
fixed
bullseye
1.9.5p2-3+deb11u1
fixed
etch
not-affected
bookworm
1.9.13p3-1+deb12u1
fixed
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
intrepid
Fixed 1.6.9p17-1ubuntu2.1
released
hardy
Fixed 1.6.9p10-1ubuntu3.4
released
gutsy
not-affected
dapper
not-affected
References