High severity7.8NVD Advisory· Published Jan 30, 2009· Updated Apr 23, 2026
CVE-2009-0034
CVE-2009-0034
Description
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Affected products
4Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.securityfocus.com/archive/1/500546/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/504849/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/33517nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.vmware.com/security/advisories/VMSA-2009-0009.htmlnvdThird Party Advisory
- lists.vmware.com/pipermail/security-announce/2009/000060.htmlnvdBroken Link
- osvdb.org/51736nvdBroken Link
- secunia.com/advisories/33753nvdNot Applicable
- secunia.com/advisories/33840nvdNot Applicable
- secunia.com/advisories/33885nvdNot Applicable
- secunia.com/advisories/35766nvdNot Applicable
- wiki.rpath.com/Advisories:rPSA-2009-0021nvdBroken Link
- www.gratisoft.us/bugzilla/show_bug.cginvdProductRelease Notes
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-0267.htmlnvdNot Applicable
- www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diffnvdBroken Link
- www.vupen.com/english/advisories/2009/1865nvdPermissions Required
- bugzilla.novell.com/show_bug.cginvdIssue TrackingPermissions Required
- issues.rpath.com/browse/RPL-2954nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462nvdBroken Link
News mentions
0No linked articles in our index yet.