Sudo Supplemental Group Privilege Error Lets Certain Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1021688 |
SecurityTracker URL: http://securitytracker.com/id/1021688
|
CVE Reference: CVE-2009-0034
|
Date: Feb 5 2009
|
Impact:
Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.6.9 - 1.6.9p19
|
Description:
A vulnerability was reported in Sudo. A local user can obtain elevated privileges on the target system in certain cases.
The software does not properly process supplemental group entries in the 'sudoers' configuration file. A local user who is permitted to run commands as any user in a group, and who is also a member of that group, can run certain commands with root privileges.
Harald Koenig reported this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system in certain cases.
|
Solution:
The vendor has issued a fixed version (1.6.9p20, 1.7.0).
The vendor's advisory is available at:
http://www.sudo.ws/sudo/alerts/group_vector.html
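An added example (not part of this alert or of the vendor's advisory): a Python check that tests a 'sudo -V' version string against the affected range listed above and lists 'sudoers' rules whose Runas list names a %group, directly or through a Runas_Alias. The sample sudoers text and the function names are constructed for illustration; one alias per Runas_Alias line is assumed.

```python
import re

VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")
RUNAS = re.compile(r"=\s*\(([^)]*)\)")            # "= (runas_list)" in a rule
ALIAS = re.compile(r"^Runas_Alias\s+(\w+)\s*=\s*(.+)$")

# Constructed sample sudoers content (not taken from the advisory).
SAMPLE_SUDOERS = """\
# full-line comments are skipped
Runas_Alias OPS = %operators, backup
alice ALL = (%staff) /usr/bin/id
bob   ALL = (OPS) /usr/local/bin/rotate
carol ALL = (root) /sbin/reboot
dave  ALL = (#1001, \\
             %web) /usr/bin/less
"""

def is_affected(version_text):
    """True if the version is within 1.6.9 .. 1.6.9p19, the range in the alert."""
    m = VERSION.search(version_text)
    if not m:
        raise ValueError("no sudo version in %r" % version_text)
    ver = tuple(int(part or 0) for part in m.groups())
    return (1, 6, 9, 0) <= ver <= (1, 6, 9, 19)

def group_runas_rules(sudoers_text):
    """Return (rule, groups) for every rule whose Runas list names a %group."""
    text = sudoers_text.replace("\\\n", " ")      # join continuation lines
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    alias_groups = {}                             # Runas_Alias name -> its groups
    for line in lines:
        m = ALIAS.match(line)
        if m:
            members = [t.strip() for t in m.group(2).split(",")]
            alias_groups[m.group(1)] = [t for t in members if t.startswith("%")]
    findings = []
    for line in lines:
        if ALIAS.match(line):
            continue
        groups = []
        for runas in RUNAS.findall(line):
            for item in (t.strip() for t in runas.split(",")):
                groups += [item] if item.startswith("%") else alias_groups.get(item, [])
        if groups:
            findings.append((line, groups))
    return findings

if __name__ == "__main__":
    print(is_affected("Sudo version 1.6.9p17"))
    for rule, groups in group_runas_rules(SAMPLE_SUDOERS):
        print(groups, "<-", rule)
```

A host is worth prioritising for the upgrade when is_affected() is true and group_runas_rules() returns at least one rule.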
|
Vendor URL: www.sudo.ws/sudo/alerts/group_vector.html
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|