CVE-2009-0034

Common Vulnerabilities and Exposures

CVE-2009-0034 at MITRE

Details

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

Novell Bugzilla entry: 468923

SUSE Security Advisories:

SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
SUSE-SR:2009:003 , published Mon, 02 Feb 2009 16:30:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`sudo >= 1.6.9p2-23.4`	ZYPP Patch Nr: 5962 SAT Patch Nr: 472
openSUSE 11.0	`sudo-debuginfo >= 1.6.9p15-13.4` `sudo-debugsource >= 1.6.9p15-13.4`	ZYPP Patch Nr: 5962 SAT Patch Nr: 472
openSUSE 11.0	`sudo >= 1.6.9p15-13.4`	ZYPP Patch Nr: 5962 SAT Patch Nr: 472
openSUSE 11.1	`sudo-debuginfo >= 1.6.9p17-10.36.1` `sudo-debugsource >= 1.6.9p17-10.36.1`	ZYPP Patch Nr: 5962 SAT Patch Nr: 472
openSUSE 11.1	`sudo >= 1.6.9p17-10.36.1`	ZYPP Patch Nr: 5962 SAT Patch Nr: 472